[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Openshift certificates



Thanks Wang,

 

It is a public signed certificate for the web console only (replacing the self-signed ones).

I followed this procedure:

 

http://guifreelife.com/blog/2016/03/24/Replace-OpenShift-Console-SSL-Certificate

 

Anyway, I tried to import the CA as you mentioned but same results

The ca-bundle is a link to the tls-ca-bundle.pem

 

/etc/pki/tls/certs/ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

 

H. N. Harake

 

 

From: Haoran Wang <haowang redhat com>
Date: Thursday, 19 July 2018 at 09:52
To: "Hussein N. Harake" <hussein cscs ch>
Cc: "dev lists openshift redhat com" <dev lists openshift redhat com>
Subject: Re: Openshift certificates

 

Is this cert a public ssl certificate ? if no, can you try this on your master node to import your CA file?:

 

openssl x509 -in <your_ca_file> -text >> /etc/pki/tls/certs/ca-bundle.crt 

 

On Thu, Jul 19, 2018 at 3:25 PM, N. Harake <hussein cscs ch> wrote:

Dear All,

I recently added certificates to the Openshift web console by modifying /etc/origin/master/master-config.yaml

I added these lines in assetConfig and under servingInfo:

    namedCertificates:
      - certFile: openshift.crt
        keyFile: openshift.key
        names:
          - "openshift.server"

The certificate works fine for the console but when I try to access from the master node using system:admin through the certificate client x509
I get this error:

[root openshift01 ~]# oc get pod
Unable to connect to the server: x509: certificate signed by unknown authority

I do not know if it’s related to the changes I made.

Any help is appreciated.

Thanks, and best regards

H. N. Harake








_______________________________________________
dev mailing list
dev lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]