Update nw-mutual-tls-auth.adoc

prithvipatil97 · openshift-cherrypick-robot · commit 7b0851b65866 · 2025-07-17T18:28:02.000Z
- Wrong command structure in Configuring mutual TLS authentication

Here is the current look:

Procedure

1. In the openshift-config namespace, create a config map from your CA bundle:

$ oc create configmap \
   router-ca-certs-default \
   --from-file=ca-bundle.pem=client-ca.crt \ 1
   -n openshift-config
4. Optional, get the Distinguished Name (DN) for allowedSubjectPatterns by entering the following command.

$ openssl  x509 -in custom-cert.pem  -noout -subject
subject= /CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift
The above commands are not structured properly.
We can use the above command as well, and it will execute perfectly.
But its structure is not as per our standard procedure.
Hence, it needs to be changed.
Here is the updated look:

1. In the openshift-config namespace, create a config map from your CA bundle:

$ oc create configmap \
  router-ca-certs-default \
  --from-file=ca-bundle.pem=client-ca.crt \ 1
  -n openshift-config
4. Optional, get the Distinguished Name (DN) for allowedSubjectPatterns by entering the following command.

$ openssl  x509 -in custom-cert.pem  -noout -subject
  subject= /CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift

[new-commit]Update nw-mutual-tls-auth.adoc

[new-commit]Update nw-mutual-tls-auth.adoc
diff --git a/modules/nw-mutual-tls-auth.adoc b/modules/nw-mutual-tls-auth.adoc
@@ -30,9 +30,9 @@ If the `clientCA` value specifies an X509v3 certificate revocation list (CRL) di
 [source,terminal]
 ----
 $ oc create configmap \
-   router-ca-certs-default \
-   --from-file=ca-bundle.pem=client-ca.crt \// <1>
-   -n openshift-config
+  router-ca-certs-default \
+  --from-file=ca-bundle.pem=client-ca.crt \// <1>
+  -n openshift-config
 ----
 <1> The config map data key must be `ca-bundle.pem`, and the data value must be a CA certificate in PEM format.
 
@@ -61,9 +61,16 @@ $ oc edit IngressController default -n openshift-ingress-operator
       allowedSubjectPatterns:
       - "^/CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift$"
 ----
+
 . Optional, get the Distinguished Name (DN) for `allowedSubjectPatterns` by entering the following command.
++
 [source,terminal]
 ----
-$ openssl  x509 -in custom-cert.pem  -noout -subject
-subject= /CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift
+$ openssl x509 -in custom-cert.pem -noout -subject
+----
++
+.Example output
+[source,text]
+----
+subject=C=US, ST=NC, O=Security, OU=OpenShift, CN=example.com
 ----
