The console is served on whatever you provide as "--public-master" to the docker run command.
I don't think we've seen this particular one yet - we definitely tightened our accepted ciphers list to pull the insecure ones out, but please open an issue and we'll track it down. On Tue, Feb 16, 2016 at 9:18 AM, Marc Boorshtein <[email protected]> wrote: > All, > > I tried downloading and setting up openshift on docker > docker-engine-1.10.1-1 on centos7. I used the following command to get up > and running: > > docker run -d --name "origin" --privileged --pid=host --net=bridge > -p 8443:8443 -v /:/rootfs:ro -v /var/run:/var/run:rw -v /sys:/sys -v > /var/lib/docker:/var/lib/docker:rw -v > /var/lib/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes > -h openshift.xxx.lan openshift/origin start > > When I try to go to the console on 8443 I get redirected to a 172 address > and firefox complains that the SSL connection is broken: > > Secure Connection Failed > > An error occurred during a connection to openshift.xxxx.lan:8443. security > library: improperly formatted DER-encoded message. (Error code: > sec_error_bad_der) > > The page you are trying to view cannot be shown because the authenticity > of the received data could not be verified. > Please contact the website owners to inform them of this problem. > > but when I check the connection I get the following: > [root@openshift ~]# openssl s_client -connect 'openshift.tremolo.lan:8443' > CONNECTED(00000003) > depth=1 CN = openshift-signer@1455630818 > verify error:num=19:self signed certificate in certificate chain > verify return:0 > --- > Certificate chain > 0 s:/CN=127.0.0.1 > i:/CN=openshift-signer@1455630818 > 1 s:/CN=openshift-signer@1455630818 > i:/CN=openshift-signer@1455630818 > --- > Server certificate > -----BEGIN CERTIFICATE----- > MIID8TCCAtugAwIBAgIBBjALBgkqhkiG9w0BAQswJjEkMCIGA1UEAwwbb3BlbnNo > aWZ0LXNpZ25lckAxNDU1NjMwODE4MB4XDTE2MDIxNjEzNTM0MloXDTE4MDIxNTEz > NTM0M1owFDESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOC > AQ8AMIIBCgKCAQEA8NVlc/xYxrdo6ucYHoCtKvAjTxyCfdsAPGBm/VHbFQ+qLEIn > 6zk9eIKQ8kIHbm7xYFLFsvgBcmZwg6vf3NJoovaQREGqUo43Kuv2yk1NBVK5t3c9 > bA4fmNJFCjy31JsoSyYm/ndsVatF0y5K8YlFzgyFyMoOuWGuMTiAZAKqHW307/QM > IHkmMBt6++tO04F2f9T2Z9h/V677iJ9QC7YiGF+KL9hM7F4S/dwQWiwPso4gMaQF > QdvXv9OZoRQ6/0YY/UnLJFoF/hfLt4oODu0GSMK9BAuS/67aJilexcSDXXGeSuIh > OgN79UAW70bbd+OR8AqxU3EjiE8P9LMb87EpwwIDAQABo4IBPjCCATowDgYDVR0P > AQH/BAQDAgCgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwggED > BgNVHREEgfswgfiCCmt1YmVybmV0ZXOCEmt1YmVybmV0ZXMuZGVmYXVsdIIWa3Vi > ZXJuZXRlcy5kZWZhdWx0LnN2Y4Ika3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVz > dGVyLmxvY2Fsgglsb2NhbGhvc3SCCW9wZW5zaGlmdIIRb3BlbnNoaWZ0LmRlZmF1 > bHSCFW9wZW5zaGlmdC5kZWZhdWx0LnN2Y4Ijb3BlbnNoaWZ0LmRlZmF1bHQuc3Zj > LmNsdXN0ZXIubG9jYWyCCTEyNy4wLjAuMYIKMTcyLjE3LjAuMoIKMTcyLjMwLjAu > MYcEfwAAAYcErBEAAocErB4AATALBgkqhkiG9w0BAQsDggEBAAgxc6TRaCcT5jBP > Mj6K3CUkhN8S/3Us0gHIQ0ZYIvpzfi+HH9vUggS44E3I9OI2TN5pTZ0vDSbLMEva > VfvlZHsi4qlA/72rP50Gw+GMooofc8FHo08AXM2Lf/jE8/w88F4kXLZqVvnsQ/N4 > bxSDg+0tydEAVoBopcvIyUj7QGFT7MT7icHe2ql6vnoXwZzeTLEKoNSk/NXlbLs8 > IDW9bAa941SBYoVwyXsL5e4y7xqI4fKMX/gbF2FjAIwxa9PfeZKZ4bFNKY0b4LAr > Jl3NXbpbzmYlGqJwCBjY5JdOmXpjvkUv7ynYuV/ov65zz9RCfDp4CYDiZG80cgdj > Z1EmREE= > -----END CERTIFICATE----- > subject=/CN=127.0.0.1 > issuer=/CN=openshift-signer@1455630818 > --- > Acceptable client certificate CA names > /CN=openshift-signer@1455630818 > Server Temp Key: ECDH, prime256v1, 256 bits > --- > SSL handshake has read 2414 bytes and written 385 bytes > --- > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 > Server public key is 2048 bit > Secure Renegotiation IS supported > Compression: NONE > Expansion: NONE > SSL-Session: > Protocol : TLSv1.2 > Cipher : ECDHE-RSA-AES128-GCM-SHA256 > Session-ID: > 0F1D94EB43646490A6FAFE006BEC3149C48B8A11ACA71CD7B04FD6FA9EAFA0CC > Session-ID-ctx: > Master-Key: > 3885305A1D2D8CCFB59A8C535ED0FD23388E774B6262EEF848A5E6B916C2471D1171A87A07AAF7D981916E2F57DDB8A1 > Key-Arg : None > Krb5 Principal: None > PSK identity: None > PSK identity hint: None > TLS session ticket: > 0000 - f9 2d fc 2d 20 77 06 2a-eb 9d 85 e1 ea 9f 3a 82 .-.- > w.*......:. > 0010 - a1 c4 b2 10 89 ee 94 33-31 62 fe f4 44 3f e1 16 > .......31b..D?.. > 0020 - 4d af 2a 01 b6 f6 d2 62-b7 c2 a6 6c 75 d1 c3 a2 > M.*....b...lu... > 0030 - 90 89 2f 22 eb 02 71 08-38 3b aa 7e ee 0f 39 ee > ../"..q.8;.~..9. > 0040 - 52 2e f2 1f 47 63 56 a8-65 79 01 7a ab 0d f7 de > R...GcV.ey.z.... > 0050 - 13 b0 6c 49 58 23 46 dc-ec 00 9a 3c 95 3d 87 6c > ..lIX#F....<.=.l > 0060 - b2 da de d4 25 e6 94 87- ....%... > > Start Time: 1455632113 > Timeout : 300 (sec) > Verify return code: 19 (self signed certificate in certificate chain) > --- > > A couple of questions: > 1. Is there an environment variable I can set that lets me set the host > name openshift console redirects to? (so i don't get redirected to an IP) > 2. Has anyone run into this issue with firefox? Google seems to think its > because firefox doesn't support the cipher. > > Any help would be greatly appreciated. > > Thanks > Marc > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > _______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
