Securing OpenShift Routes with Custom SSL Custom SSL for OpenShift Routes

Openshift RSH Network December 13, 2025 2 mins read

Learn how to secure OpenShift routes with custom SSL certificates using a clear, step-by-step CLI and YAML configuration approach.

Back to Blog Posts

🔍 Introduction

Securing OpenShift routes with custom SSL certificates is a critical requirement for production-grade Kubernetes and OpenShift deployments. While OpenShift provides a default wildcard certificate, enterprise workloads often demand branded SSL, stronger trust guarantees, and compliance with organizational security policies.

In today’s block, you’ll learn how to replace the default OpenShift wildcard certificate with your own custom SSL certificate for a specific route.

🔧 Step-by-Step Guide: Securing OpenShift Routes

1️⃣ Generate or Obtain an SSL Certificate

First, generate or obtain an SSL certificate from a trusted source such as:

  • Let’s Encrypt

  • DigiCert

  • Sectigo

  • Internal Enterprise CA

You should have:

  • A certificate file (.crt)

  • A private key file (.key)

2️⃣ Create a TLS Secret in OpenShift

Create a Kubernetes TLS secret containing your certificate and key:

 
oc create secret tls rsh-custom-cert \ --cert=your-cert.crt \ --key=your-key.key \ -n your-project

This secret securely stores your SSL assets within the OpenShift namespace.

3️⃣ Patch or Define the Route with TLS Configuration

Create or update your OpenShift route YAML to reference your custom SSL certificate.

 
apiVersion: route.openshift.io/v1 kind: Route metadata: name: rsh-app namespace: your-project spec: host: app.rshnetwork.com to: kind: Service name: rsh-service tls: termination: edge key: | -----BEGIN PRIVATE KEY----- ... certificate: | -----BEGIN CERTIFICATE----- ...

🔹 TLS Termination:

  • edge → TLS terminates at the OpenShift router

  • Suitable for most web applications

4️⃣ Apply the Route Configuration

Apply the updated route:

 
oc apply -f rsh-route.yaml

OpenShift will automatically deploy the new certificate to the router.

5️⃣ Verify SSL Configuration

Confirm that your custom SSL certificate is active:

 
curl -v https://app.rshnetwork.com

Or verify via:

  • Browser certificate inspection

  • SSL Labs test (optional)

Benefits of Custom SSL in OpenShift

  • 🔐 Improved Trust with branded certificates

  • 🌐 Better SEO & browser reputation

  • 🚫 Avoid wildcard certificate limitations

  • 📜 Meet enterprise compliance requirements

  • 🏢 Professional, production-ready deployments

Advertisement

R
RSH Network

52 posts published

Sign in to subscribe to blog updates