Re: Encryption of pdAdmin on OpenShift with TLS termination type reencrypt

On Tue, Jun 7, 2022 at 10:29 AM Khushboo Vashi <
khushboo(dot)vashi(at)enterprisedb(dot)com> wrote:

> Hello,
>
> On Tue, Jun 7, 2022 at 1:58 AM <Boon-Hooi(dot)Choo(at)t-systems(dot)com> wrote:
>
>> Hello everyone,
>>
>>
>>
>> I am trying to encrypt the connection from client side to the pod of
>> pgAdmin 4 (container) on OpenShift. I have included a certificate
>> (server.cert) and a key (server.key), which are extracted from the PFX file
>> from our certificate operator on OpenShift. I have *succeeded* to
>> encrypt the connection with TLS termination type “*edge*”, which is
>> defined in YAML file for route for pgAdmin 4. With type “edge”, we only
>> encrypt until the HA-Proxy (Router of OpenShift).
>>
>> However, when I tried to change the TLS termination type to “*reencrypt*”,
>> with destination CA certificate provided, I have received a TLS handshake
>> problem. I have tried to research online, and I believed that it is because
>> I am trying to do a SSL connection to a non-SSL pod of pgAdmin 4. Do you
>> know how could we change the config file of pod (NGINX?) and add the line
>> of “host 443 ssl” to the server? (P.S.: I use the image of pgAdmin from
>> crunchydata registry in my deployment YAML file.)
>>
>>
>>
> You can get the idea regarding NGINX settings at
> https://www.pgadmin.org/download/pgadmin-4-container/, and this document
> supports the pgAdmin container image
> <https://www.pgadmin.org/download/pgadmin-4-container/> (not the crunchy
> data registry.).
>

NGINX settings document link:
https://www.pgadmin.org/docs/pgadmin4/6.10/container_deployment.html

Thanks,
> Khushboo
>
> Thank you so much for your attention, any help would be much appreciated!
>>
>>
>>
>>
>>
>>
>>
>> Many thanks and best regards,
>>
>>
>>
>> Boon Hooi Choo
>>
>>
>>
>> Consultant Digital Integration
>>
>> PU Digital Solutions/Products & Solutions
>>
>>
>>
>> *T-Systems International GmbH*
>>
>