Hi.
------ Originalnachricht ------ Von: "Feld, Michael (IMS)" <[email protected]>An: "[email protected]" <[email protected]>
Gesendet: 06.12.2017 14:29:27 Betreff: router certificate question
Hey all,I have a cluster where we use an external HAProxy to terminate SSL and send traffic to the routers in the OpenShift cluster, so the routes within the cluster do not use TLS. It looks like when this cluster was setup, default certificates were given to the routers and are expiring soon (I get this when running the ansible easy-mode.yaml):"router": [ {"cert_cn": "OU=Domain Control Validated:, CN=*.<redacted>.com:, DNS:*. <redacted>.com, DNS: <redacted>.com","days_remaining": 11, "expiry": "2017-12-17 20:13:24", "health": "warning", "path": "/api/v1/namespaces/default/secrets/router-certs", "serial": <redacted>, "serial_hex": "<redacted>" } ]My question is, is it OK to let this expire without taking any action? How can I safely remove the default certificates to remove the warnings in the future?
Well this depends on your opneshift version.The default router have some secrets where the certs are or in a environment Variable.
Please can you provide us with the output of the following commands. oc versionoc get secrets -n default # I assume you use the router in the default project
oc env dc/router -n default --list oc describe dc router -n default
Thanks Mike
Best regards aleks
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
