turns out if you don't give the router a new destination ca cert when you generate one it doesn't work. Changing the extensions did the trick.
Thanks Jordan On Mon, Jun 4, 2018 at 11:16 AM Marc Boorshtein <[email protected]> wrote: > On Sat, Jun 2, 2018 at 3:25 PM Jordan Liggitt <[email protected]> wrote: > >> The only differences I see are in key usage restrictions >> >> > same issue: > > Certificate: > Data: > Version: 3 (0x2) > Serial Number: 1528124732081 (0x163cb54f2b1) > Signature Algorithm: sha256WithRSAEncryption > Issuer: C = dev, ST = dev, L = dev, O = dev, OU = dev, CN = > unison-scalejs-rh.tremolo.io > Validity > Not Before: Jun 4 00:00:00 2018 GMT > Not After : Jun 1 00:00:00 2028 GMT > Subject: C = dev, ST = dev, L = dev, O = dev, OU = dev, CN = > unison-scalejs-rh.tremolo.io > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > Public-Key: (2048 bit) > Modulus: > 00:a1:e3:8e:4f:b1:f1:3a:15:4a:bc:e2:ef:0c:01: > 1a:98:16:d1:f2:08:96:25:eb:e8:f6:d0:b9:26:01: > ed:38:9c:d4:57:58:b8:0e:41:53:5b:71:50:28:27: > ee:45:17:9e:2c:33:9f:2c:40:44:6b:da:04:f4:a8: > 56:0d:6a:5b:bd:e2:76:e2:e2:91:cf:88:59:c6:31: > 7d:24:53:1e:42:b4:ac:83:26:b5:33:1a:d0:03:73: > 62:25:48:5f:f9:6e:74:6b:c7:f7:84:1a:78:db:f5: > 30:92:97:d5:28:48:bb:ca:28:38:c8:fa:fe:11:54: > 03:5f:51:82:5d:f0:c4:f6:46:5b:dd:5b:ee:0a:99: > f1:91:2d:c9:c0:d2:f7:e1:4a:5b:ad:9e:dd:19:f0: > 1b:08:be:a0:98:23:38:32:40:64:1f:e4:9f:10:43: > f7:1b:fa:88:55:54:46:46:fc:88:b3:e9:f2:41:7e: > 6c:93:f2:34:7a:c0:5a:aa:18:35:3e:35:e6:7b:bb: > e3:77:36:ab:fd:9f:2f:62:f6:33:d5:7a:61:e9:9f: > 71:42:fa:0a:3f:9c:87:50:87:59:ea:ce:13:23:70: > 4d:71:11:0b:0d:24:77:c1:9b:c5:38:00:c9:e0:5c: > a5:29:61:5d:33:f1:53:0a:57:72:e2:69:fa:54:0a: > 5a:c7 > Exponent: 65537 (0x10001) > X509v3 extensions: > X509v3 Basic Constraints: critical > CA:TRUE > X509v3 Key Usage: critical > Certificate Sign > X509v3 Extended Key Usage: critical > Any Extended Key Usage > Signature Algorithm: sha256WithRSAEncryption > 91:66:93:bc:27:1c:43:48:90:5a:dd:46:8b:d0:43:90:68:71: > 74:64:47:95:fe:c6:a8:f2:62:40:0e:31:aa:0e:4a:fa:92:b4: > ec:d4:b9:78:85:76:ab:ed:2a:5e:7d:07:c3:ed:8b:10:6b:f0: > 6f:5a:c0:5d:f2:8c:d0:99:2b:12:0c:cc:a3:ae:a6:e3:a8:68: > 05:62:7c:d3:82:ad:9a:4c:25:d9:a1:23:ca:a0:b1:71:17:e2: > 37:c9:6f:f2:13:b6:71:ac:61:39:fd:c8:aa:32:cc:b9:fb:81: > c6:9b:36:18:95:16:82:a6:76:81:c2:24:03:c7:40:05:a4:f8: > ef:4d:15:af:a2:5e:0a:0f:41:20:8d:7f:80:e0:29:b2:90:46: > a2:e3:7a:20:a8:db:be:5f:19:31:66:4d:fd:e9:17:b1:84:c9: > 03:0b:29:70:72:24:30:4e:2d:26:7f:ea:ef:45:d8:64:03:9d: > 1e:43:51:01:db:f9:44:a7:d8:46:b8:93:d0:49:65:78:3b:5c: > 78:f5:b5:ca:c0:eb:fa:17:68:0d:87:5d:2f:3e:4b:fc:b8:4b: > 97:d3:9a:3d:74:ec:6d:39:6a:7c:ab:61:df:b4:bd:e0:f6:1e: > 60:bc:50:7b:0c:83:ec:12:d6:93:4d:f5:70:4e:36:53:7c:44: > 1c:fa:f7:db > -----BEGIN CERTIFICATE----- > MIIDkTCCAnmgAwIBAgIGAWPLVPKxMA0GCSqGSIb3DQEBCwUAMG0xDDAKBgNVBAYT > A2RldjEMMAoGA1UECBMDZGV2MQwwCgYDVQQHEwNkZXYxDDAKBgNVBAoTA2RldjEM > MAoGA1UECxMDZGV2MSUwIwYDVQQDExx1bmlzb24tc2NhbGVqcy1yaC50cmVtb2xv > LmlvMB4XDTE4MDYwNDAwMDAwMFoXDTI4MDYwMTAwMDAwMFowbTEMMAoGA1UEBhMD > ZGV2MQwwCgYDVQQIEwNkZXYxDDAKBgNVBAcTA2RldjEMMAoGA1UEChMDZGV2MQww > CgYDVQQLEwNkZXYxJTAjBgNVBAMTHHVuaXNvbi1zY2FsZWpzLXJoLnRyZW1vbG8u > aW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCh445PsfE6FUq84u8M > ARqYFtHyCJYl6+j20LkmAe04nNRXWLgOQVNbcVAoJ+5FF54sM58sQERr2gT0qFYN > alu94nbi4pHPiFnGMX0kUx5CtKyDJrUzGtADc2IlSF/5bnRrx/eEGnjb9TCSl9Uo > SLvKKDjI+v4RVANfUYJd8MT2RlvdW+4KmfGRLcnA0vfhSlutnt0Z8BsIvqCYIzgy > QGQf5J8QQ/cb+ohVVEZG/Iiz6fJBfmyT8jR6wFqqGDU+NeZ7u+N3Nqv9ny9i9jPV > emHpn3FC+go/nIdQh1nqzhMjcE1xEQsNJHfBm8U4AMngXKUpYV0z8VMKV3LiafpU > ClrHAgMBAAGjNzA1MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMBIG > A1UdJQEB/wQIMAYGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBAJFmk7wnHENIkFrd > RovQQ5BocXRkR5X+xqjyYkAOMaoOSvqStOzUuXiFdqvtKl59B8PtixBr8G9awF3y > jNCZKxIMzKOupuOoaAVifNOCrZpMJdmhI8qgsXEX4jfJb/ITtnGsYTn9yKoyzLn7 > gcabNhiVFoKmdoHCJAPHQAWk+O9NFa+iXgoPQSCNf4DgKbKQRqLjeiCo275fGTFm > Tf3pF7GEyQMLKXByJDBOLSZ/6u9F2GQDnR5DUQHb+USn2Ea4k9BJZXg7XHj1tcrA > 6/oXaA2HXS8+S/y4S5fTmj107G05anyrYd+0veD2HmC8UHsMg+wS1pNN9XBONlN8 > RBz699s= > -----END CERTIFICATE----- > > > > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
