[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Openshift certificates

Thanks Wang,


It is a public signed certificate for the web console only (replacing the self-signed ones).

I followed this procedure:




Anyway, I tried to import the CA as you mentioned but same results

The ca-bundle is a link to the tls-ca-bundle.pem


/etc/pki/tls/certs/ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem


H. N. Harake



From: Haoran Wang <haowang redhat com>
Date: Thursday, 19 July 2018 at 09:52
To: "Hussein N. Harake" <hussein cscs ch>
Cc: "dev lists openshift redhat com" <dev lists openshift redhat com>
Subject: Re: Openshift certificates


Is this cert a public ssl certificate ? if no, can you try this on your master node to import your CA file?:


openssl x509 -in <your_ca_file> -text >> /etc/pki/tls/certs/ca-bundle.crt 


On Thu, Jul 19, 2018 at 3:25 PM, N. Harake <hussein cscs ch> wrote:

Dear All,

I recently added certificates to the Openshift web console by modifying /etc/origin/master/master-config.yaml

I added these lines in assetConfig and under servingInfo:

      - certFile: openshift.crt
        keyFile: openshift.key
          - "openshift.server"

The certificate works fine for the console but when I try to access from the master node using system:admin through the certificate client x509
I get this error:

[root openshift01 ~]# oc get pod
Unable to connect to the server: x509: certificate signed by unknown authority

I do not know if it’s related to the changes I made.

Any help is appreciated.

Thanks, and best regards

H. N. Harake

dev mailing list
dev lists openshift redhat com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]