
Re: Openshift certificates



Removing the modification we applied to the master-config.yaml solved the problem.
Now, I do not have any public signed certificates and I have to use the self-signed ones.

Is the problem in the certificates, or was the procedure to deploy them wrong?

Thanks
H.N. Harake

From: <dev-bounces lists openshift redhat com> on behalf of "Hussein N. Harake" <hussein cscs ch>
Date: Thursday, 19 July 2018 at 10:26
To: Haoran Wang <haowang redhat com>
Cc: "dev lists openshift redhat com" <dev lists openshift redhat com>
Subject: Re: Openshift certificates

Thanks Wang,
 
It is a public signed certificate for the web console only (replacing the self-signed ones).
I followed this procedure:
 
http://guifreelife.com/blog/2016/03/24/Replace-OpenShift-Console-SSL-Certificate
 
Anyway, I tried to import the CA as you mentioned but got the same results.
The ca-bundle is a link to the tls-ca-bundle.pem:
 
/etc/pki/tls/certs/ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 
H. N. Harake
 
 
From: Haoran Wang <haowang redhat com>
Date: Thursday, 19 July 2018 at 09:52
To: "Hussein N. Harake" <hussein cscs ch>
Cc: "dev lists openshift redhat com" <dev lists openshift redhat com>
Subject: Re: Openshift certificates
 
Is this cert a public SSL certificate? If not, can you try this on your master node to import your CA file:
 
openssl x509 -in <your_ca_file> -text >> /etc/pki/tls/certs/ca-bundle.crt 
 
On Thu, Jul 19, 2018 at 3:25 PM, N. Harake <mailto:hussein cscs ch> wrote:
Dear All,

I recently added certificates to the Openshift web console by modifying /etc/origin/master/master-config.yaml

I added these lines in assetConfig and under servingInfo:

    namedCertificates:
      - certFile: openshift.crt
        keyFile: openshift.key
        names:
          - "openshift.server"

The certificate works fine for the console, but when I try to access from the master node using system:admin through the x509 client certificate,
I get this error:

[root openshift01 ~]# oc get pod
Unable to connect to the server: x509: certificate signed by unknown authority

I do not know if it’s related to the changes I made.

Any help is appreciated.

Thanks, and best regards

H. N. Harake








_______________________________________________
dev mailing list
mailto:dev lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
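
The error quoted in the thread is what a TLS client reports when the certificate it is served does not chain to any CA it trusts. The following shell sketch is an added example, not part of the original thread or of OpenShift; it reproduces that condition offline with throwaway certificates. It assumes the client trusts only the CA named in its own configuration, and the names cluster-ca, public-ca and master-internal are hypothetical stand-ins.

```shell
#!/bin/sh
# Added example: every key and certificate here is constructed test material.

# chains_to_ca CERT CA_FILE: exit 0 if CERT verifies against the CAs in CA_FILE.
chains_to_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# make_ca DIR NAME: create a self-signed CA as DIR/NAME.crt and DIR/NAME.key.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# make_leaf DIR CA_NAME LEAF_NAME: issue DIR/LEAF_NAME.crt signed by CA_NAME.
make_leaf() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.crt" >/dev/null 2>&1
}

# diagnose CERT CA_FILE: print "trusted" or "untrusted" for that pairing.
diagnose() {
    if chains_to_ca "$1" "$2"; then echo trusted; else echo untrusted; fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" cluster-ca   # stands in for the CA the client config trusts
    make_ca "$d" public-ca    # stands in for the issuer of openshift.crt
    make_leaf "$d" cluster-ca master-internal
    make_leaf "$d" public-ca openshift.server
    echo "internal cert vs cluster CA: $(diagnose "$d/master-internal.crt" "$d/cluster-ca.crt")"
    echo "named cert vs cluster CA:    $(diagnose "$d/openshift.server.crt" "$d/cluster-ca.crt")"
    # A bundle holding both CAs accepts the named certificate as well.
    cat "$d/cluster-ca.crt" "$d/public-ca.crt" > "$d/both.crt"
    echo "named cert vs both CAs:      $(diagnose "$d/openshift.server.crt" "$d/both.crt")"
    rm -rf "$d"
}

demo
```

On a live master, the same comparison can be made by pointing `chains_to_ca` at the certificate the endpoint actually serves and at the CA file the client configuration references.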
 


