From a6e3eba41ac72875760cdbaa21a0b7a1262f9f85 Mon Sep 17 00:00:00 2001
From: Prithviraj Patil <116709298+prithvipatil97@users.noreply.github.com>
Date: Sat, 12 Jul 2025 02:22:37 +0530
Subject: [PATCH] Update nw-mutual-tls-auth.adoc - Wrong command structure in Configuring mutual TLS authentication

Here is the current look:

Procedure

1. In the openshift-config namespace, create a config map from your CA bundle:

    $ oc create configmap \
    router-ca-certs-default \
    --from-file=ca-bundle.pem=client-ca.crt \ 1
    -n openshift-config

4. Optional, get the Distinguished Name (DN) for allowedSubjectPatterns by entering the following command.

    $ openssl x509 -in custom-cert.pem -noout -subject
    subject= /CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift

The above commands are not structured properly. We can use the above command as well, and it will execute perfectly. But its structure is not as per our standard procedure. Hence, it needs to be changed.

Here is the updated look:

1. In the openshift-config namespace, create a config map from your CA bundle:

    $ oc create configmap \
    router-ca-certs-default \
    --from-file=ca-bundle.pem=client-ca.crt \ 1
    -n openshift-config

4. Optional, get the Distinguished Name (DN) for allowedSubjectPatterns by entering the following command.

    $ openssl x509 -in custom-cert.pem -noout -subject
    subject= /CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift

[new-commit]Update nw-mutual-tls-auth.adoc
[new-commit]Update nw-mutual-tls-auth.adoc
---
 modules/nw-mutual-tls-auth.adoc | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/modules/nw-mutual-tls-auth.adoc b/modules/nw-mutual-tls-auth.adoc
index 25319a42e343..79156a4ef043 100644
--- a/modules/nw-mutual-tls-auth.adoc
+++ b/modules/nw-mutual-tls-auth.adoc
@@ -30,9 +30,9 @@ If the `clientCA` value specifies an X509v3 certificate revocation list (CRL) di [source,terminal] ---- $ oc create configmap \ - router-ca-certs-default \ - --from-file=ca-bundle.pem=client-ca.crt \// <1> - -n openshift-config + router-ca-certs-default \ + --from-file=ca-bundle.pem=client-ca.crt \// <1> + -n openshift-config ---- <1> The config map data key must be `ca-bundle.pem`, and the data value must be a CA certificate in PEM format. @@ -61,9 +61,16 @@ $ oc edit IngressController default -n openshift-ingress-operator allowedSubjectPatterns: - "^/CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift$" ---- + . Optional, get the Distinguished Name (DN) for `allowedSubjectPatterns` by entering the following command. ++ [source,terminal] ---- -$ openssl x509 -in custom-cert.pem -noout -subject -subject= /CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift +$ openssl x509 -in custom-cert.pem -noout -subject +---- ++ +.Example output +[source,text] +---- +subject=C=US, ST=NC, O=Security, OU=OpenShift, CN=example.com ----
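Review bot: In the first hunk (the `oc create configmap` source block, `@@ -30,9 +30,9 @@`) the removed and added lines are identical apart from leading whitespace, so the only effect on the rendered page is the indentation of the three continuation lines; the commit message's "wrong command structure" overstates this and should say the change is indentation-only, so a future reader does not go looking for a behavioural fix. The pre-existing `\// <1>` pattern (shell line-continuation backslash immediately followed by the AsciiDoc callout comment) is carried over unchanged, which is correct: the renderer strips `// <1>`, leaving the `\` at end of line, and inserting a space there would break the continuation for anyone copying the command.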
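Review bot: In the second hunk (`@@ -61,9 +61,16 @@`) the new `.Example output` block prints the subject as `C=US, ST=NC, O=Security, OU=OpenShift, CN=example.com` (comma-separated, `C` first), while the `allowedSubjectPatterns` entry kept as context three lines above is `"^/CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift$"` (slash-separated, `CN` first); a reader who pastes the displayed output into the pattern will get no match, which for mutual TLS means the client is rejected or, if the pattern is then loosened, more subjects than intended are accepted. Either add a sentence stating which DN form the ingress controller compares against and how to turn the `openssl` output into it, or pass a `-nameopt` setting to `openssl x509` (for example `-nameopt compat` for the slash-separated form) so the printed output and the pattern share the same separator and attribute order. Splitting the output into its own `[source,text]` block with an `.Example output` title is the right fix for the old block, which mixed the command and its result in one terminal listing. Minor style point on the added step text: `Optional, get the ... following command.` should read `Optional: get the ... following command:` to match the other steps in this module.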