Hi Nikolas, Good news first: I have setup 2 new kvm hosts okd02a and okd02b, created new certificates (using different key files, as you suggested), derived a new inventory file from the old one, and gave it a try: This time it worked. "openssl s_client" shows me the expected certificate chains for okd02.aixigo.de and console.okd02.aixigo.de.
On 3/27/19 2:59 PM, Nikolas Philips wrote:
/Resending, as I forgot the User List as CC:/ Ok, I remember that I got this warning too and it seems to be unrelated to the master API certificate. As James already mentioned, maybe it's a problem that you set the public, internal and subdomain var to the same hostname: openshift_master_cluster_hostname=okd01.aixigo.de <http://okd01.aixigo.de/> openshift_master_cluster_public_hostname=okd01.aixigo.de <http://okd01.aixigo.de/> openshift_master_default_subdomain=okd01.aixigo.de <http://okd01.aixigo.de/>
AFAICT this is a correct approach, but I cannot say that I really got the difference between these 3 vars. Since okd02 works, I would suggest to keep these settings for okd01.
Just as a note, to prevent further issues, the certfile should point to the fullchain, and not only to the certificate, so that clients which don't know the intermediates certs (like curl or oc cli) work without error.
I will uninstall okd01 and deploy again, using the full chain in the certificate, as you suggested. Thanx very much for your help Harri _______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
