mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
31 lines
1.3 KiB
Plaintext
31 lines
1.3 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * builds/creating-build-inputs.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="builds-source-secret-trusted-ca_{context}"]
|
|
= Creating a secret from source code trusted certificate authorities
|
|
|
|
The set of Transport Layer Security (TLS) certificate authorities (CA) that are trusted during a Git clone operation are built into the {product-title} infrastructure images. If your Git server uses a self-signed certificate or one signed by an authority not trusted by the image, you can create a secret that contains the certificate or disable TLS verification.
|
|
|
|
If you create a secret for the CA certificate, {product-title} uses it to access your Git server during the Git clone operation. Using this method is significantly more secure than disabling Git SSL verification, which accepts any TLS certificate that is presented.
|
|
|
|
.Procedure
|
|
|
|
Create a secret with a CA certificate file.
|
|
|
|
. If your CA uses Intermediate Certificate Authorities, combine the certificates for all CAs in a `ca.crt` file. Enter the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ cat intermediateCA.crt intermediateCA.crt rootCA.crt > ca.crt
|
|
----
|
|
|
|
. Create the secret by entering the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create secret generic mycert --from-file=ca.crt=</path/to/file> <1>
|
|
----
|
|
<1> You must use the key name `ca.crt`.
|