From 4296a746ea621ae2cd9e7a0e2bbed65c9059c59a Mon Sep 17 00:00:00 2001 From: tedaveryredhat Date: Wed, 17 Jun 2026 15:49:24 -0400 Subject: [PATCH] OSDOCS-17171:CQA 2.0-Security-Certificates --- modules/ca-bundle-replacing.adoc | 7 +++++-- security/certificates/updating-ca-bundle.adoc | 2 ++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/modules/ca-bundle-replacing.adoc b/modules/ca-bundle-replacing.adoc index 4284a8b3322c..ef17dda685c5 100644 --- a/modules/ca-bundle-replacing.adoc +++ b/modules/ca-bundle-replacing.adoc @@ -6,6 +6,9 @@ [id="ca-bundle-replacing_{context}"] = Replacing the CA Bundle certificate +[role="_abstract"] +To trust a custom certificate authority for egress connections in {product-title}, you can replace the CA bundle by creating a config map with your root CA certificate and updating the cluster proxy configuration. + .Procedure . Create a config map that includes the root CA certificate used to sign the wildcard certificate: @@ -13,10 +16,10 @@ [source,terminal] ---- $ oc create configmap custom-ca \ - --from-file=ca-bundle.crt= \//<1> + --from-file=ca-bundle.crt= \ -n openshift-config ---- -<1> `` is the path to the CA certificate bundle on your local file system. +`` is the path to the CA certificate bundle on your local file system. . Update the cluster-wide proxy configuration with the newly created config map: + diff --git a/security/certificates/updating-ca-bundle.adoc b/security/certificates/updating-ca-bundle.adoc index ad24eb561491..45afaad765d2 100644 --- a/security/certificates/updating-ca-bundle.adoc +++ b/security/certificates/updating-ca-bundle.adoc @@ -6,6 +6,8 @@ include::_attributes/common-attributes.adoc[] toc::[] +[role="_abstract"] +To trust custom certificate authorities for egress connections in {product-title}, you can update the CA bundle by specifying custom CA certificates in the cluster-wide proxy configuration. include::modules/ca-bundle-understanding.adoc[leveloffset=+1]