Trying to deploy prod grade cert to our prod installation. Browser showing green light but CLI clients showing cert errors. OC client unable to display any projects. Do we need to use cafile in the config? I couldn’t find right syntax . I tried caFile but no use.
Although browser showing green light and showing correct cert info, unable to display any projects including default projects after authentication We are using separate URL for public and internal OpenShift communication. Public URL is load balanced with 3 masters. LB was configured with SS pass-through to masters and masters doing actual SSL offload. oc login https://<API<https://%3cAPI> VIP> 1 ↵ The server uses a certificate signed by an unknown authority. You can bypass the certificate check, but any data you send to the server could be intercepted by others. Use insecure connections? (y/n): oc project default 1 ↵ Error from server: Get https://<api<https://%3capi> vip> /api/v1/namespaces/default: x509: certificate signed by unknown authority assetConfig: logoutURL: "" masterPublicURL: https://apivip publicURL: https://apivip/console/ servingInfo: bindAddress: 0.0.0.0:443 bindNetwork: tcp4 certFile: master.server.crt clientCA: "" keyFile: master.server.key maxRequestsInFlight: 0 requestTimeoutSeconds: 0 namedCertificates: - certFile: /opt/cae/certs/master/cae.crt keyFile: /opt/cae/certs/master/cae.key names: - "mastervip" - "master1" - "master2" - "master3" servingInfo: bindAddress: 0.0.0.0:443 bindNetwork: tcp4 certFile: master.server.crt clientCA: ca.crt keyFile: master.server.key maxRequestsInFlight: 500 requestTimeoutSeconds: 3600 namedCertificates: - certFile: /opt/cae/certs/master/cae.crt keyFile: /opt/cae/certs/master/cae.key names: - "mastervip" - "master1" - "master2" - "master3" -- Srinivas Kotaru
_______________________________________________ dev mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
