This is a cache of https://docs.openshift.com/container-platform/4.5/security/certificate_types_descriptions/user-provided-certificates-for-api-server.html. It is a snapshot of the page at 2024-11-20T23:50:03.090+0000.
User-provided <strong>certificate</strong>s for the API server - <strong>certificate</strong> types and descriptions | Security | OpenShift Container Platform 4.5
×

Purpose

The API server is accessible by clients external to the cluster at api.<cluster_name>.<base_domain>. You might want clients to access the API server at a different host name or without the need to distribute the cluster-managed certificate authority (CA) certificates to the clients. The administrator must set a custom default certificate to be used by the API server when serving content.

Location

The user-provided certificates must be provided in a kubernetes.io/tls type Secret in the openshift-config namespace. Update the API server cluster configuration, the apiserver/cluster resource, to enable the use of the user-provided certificate.

Management

User-provided certificates are managed by the user.

Expiration

API server client certificate expiration is less than five minutes.

User-provided certificates are managed by the user.

Customization

Update the secret containing the user-managed certificate as needed.

Additional resources