The OCI Open LZ is a set of open and secure OCI landing zone blueprints to simplify the onboarding and running of organizations, business units, and subsidiaries into OCI - by customers, partners, or ISVs. Use it to create your own OCI Landing Zone.
Universal Permissive License v1.0
examples/shared should have a reference to LBaaS certificates creation #5
We should indicate the need to have valid PEM certificates for the Load Balancer. For educational purposes, and if the user does not have trusted CA certificates, we can point to a public reference with instructions on how to set up self-signed certificates in the shared MD documentation, or a link to a secondary MD with some instructions like:
a. Create a Self-Signed Root CA:
openssl req -x509 -sha256 -days 1825 -newkey rsa:2048 -keyout ca.key -out ca.crt
b. Create a cert key and certificate signing request (CSR):
openssl req -newkey rsa:2048 -nodes -keyout my_cert.key -out my_cert.csr
c. Sign the certificate CSR with Root CA:
cat my_cert.txt
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
subjectAltName = @alt_names

[alt_names]
DNS.1 = oe01.com
openssl x509 -req -CA ca.crt -CAkey ca.key -in my_cert.csr -out my_cert.crt -days 365 -CAcreateserial -extfile my_cert.txt
d. Check the cert:
openssl x509 -text -noout -in my_cert.crt
The provided example creates a LB with a certificate that has a reference to a pre-existing local certificates folder:
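Steps a to d above as one non-interactive script, followed by the checks worth running before the files are referenced by the Load Balancer. This is an added example, not part of the issue or the OCI Open LZ repository; the CA subject, the function names and the temporary directory are assumptions, and `-nodes`/`-subj` are added to avoid the passphrase and subject prompts.

```shell
#!/usr/bin/env bash
# Added example: file names and oe01.com come from the issue; everything else is assumed.

make_test_certs() {   # $1 = output directory, $2 = DNS name for the SAN
  ( umask 077                       # private keys readable by the owner only
    mkdir -p "$1" && cd "$1" || exit 1
    # a. self-signed root CA (unencrypted key: acceptable only for a throwaway test CA)
    openssl req -x509 -sha256 -days 1825 -newkey rsa:2048 -nodes \
      -keyout ca.key -out ca.crt -subj "/CN=Example Test Root CA" 2>/dev/null || exit 1
    # b. leaf key and CSR
    openssl req -newkey rsa:2048 -nodes -keyout my_cert.key -out my_cert.csr \
      -subj "/CN=$2" 2>/dev/null || exit 1
    # c. extension file ([alt_names] must start its own line), then sign with the root CA
    printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' 'basicConstraints=CA:FALSE' \
      'subjectAltName = @alt_names' '' '[alt_names]' "DNS.1 = $2" > my_cert.txt
    openssl x509 -req -CA ca.crt -CAkey ca.key -in my_cert.csr -out my_cert.crt \
      -days 365 -CAcreateserial -extfile my_cert.txt 2>/dev/null || exit 1
  )
}

check_test_certs() {  # prints "ok" or the name of the first failed check
  crt="$1/my_cert.crt"
  # d1. the leaf chains to the test root
  openssl verify -CAfile "$1/ca.crt" "$crt" >/dev/null 2>&1 || { echo chain; return 1; }
  text=$(openssl x509 -in "$crt" -noout -text)
  # d2. the SAN from my_cert.txt is in the certificate (clients match the host name on SAN)
  printf '%s\n' "$text" | grep -qF "DNS:$2" || { echo san; return 1; }
  # d3. the leaf is not usable as a CA
  printf '%s\n' "$text" | grep -qF "CA:FALSE" || { echo basic-constraints; return 1; }
  # d4. the private key belongs to the certificate (compare public keys)
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey)
  key_pub=$(openssl pkey -in "$1/my_cert.key" -pubout 2>/dev/null)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || { echo key-mismatch; return 1; }
  echo ok
}

# Run once in a scratch directory and report the result.
workdir=$(mktemp -d)
make_test_certs "$workdir" oe01.com && check_test_certs "$workdir" oe01.com
rm -rf "$workdir"
```

A failed check prints its name (`chain`, `san`, `basic-constraints` or `key-mismatch`), which points at the step to repeat.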