removing the modification we applied on the master-config.yaml solved the 
problem.
Now, I do not have any public signed certificates and I have to use the 
self-signed ones. 

Is the problem in the certificates, or was the procedure to deploy them wrong?

Thanks
H.N. Harake

From: <[email protected]> on behalf of "Hussein N. Harake" 
<[email protected]>
Date: Thursday, 19 July 2018 at 10:26
To: Haoran Wang <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: Openshift certificates

Thanks Wang,
 
It is a public signed certificate for the web console only (replacing the 
self-signed ones).
I followed this procedure:
 
http://guifreelife.com/blog/2016/03/24/Replace-OpenShift-Console-SSL-Certificate
 
Anyway, I tried to import the CA as you mentioned but got the same results.
The ca-bundle is a link to the tls-ca-bundle.pem:

/etc/pki/tls/certs/ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 
H. N. Harake
 
 
From: Haoran Wang <[email protected]>
Date: Thursday, 19 July 2018 at 09:52
To: "Hussein N. Harake" <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: Openshift certificates
 
Is this cert a public SSL certificate? If not, can you try this on your master 
node to import your CA file:
 
openssl x509 -in <your_ca_file> -text >> /etc/pki/tls/certs/ca-bundle.crt 
 
On Thu, Jul 19, 2018 at 3:25 PM, N. Harake <mailto:[email protected]> wrote:
Dear All,

I recently added certificates to the Openshift web console by modifying 
/etc/origin/master/master-config.yaml

I added these lines in assetConfig and under servingInfo:

    namedCertificates:
      - certFile: openshift.crt
        keyFile: openshift.key
        names:
          - "openshift.server"

The certificate works fine for the console but when I try to access from the 
master node using system:admin through the certificate client x509
I get this error:

[root@openshift01 ~]# oc get pod
Unable to connect to the server: x509: certificate signed by unknown authority

I do not know if it’s related to the changes I made.

Any help is appreciated.

Thanks, and best regards

H. N. Harake

_______________________________________________
dev mailing list
mailto:[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev