[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: PV manual reclamation and recyling



Hello,
Has anyone been able to get a wildcard cert chain working successfully in a OSE3.3 HA configuration successfully?
I believe my issue resides in the way I'm encoding the PEM file and presenting it with Ansible.  Any help would be greatly appreciated.

Current config is 3 masters/etcd,  3 nodes, a master_lb, and an external nfs storage.

I've been using this command to try and update the existing cluster with our wildcard cert. IE: *.cloudapps.example.com

ansible-playbook -i /root/.config/openshift/hosts /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-cluster/redeploy-certificates.yml --extra-vars "openshift_certificates_redeploy_ca=true"

the hosts file regarding this change looks like this with the domain changed:
openshift_master_cluster_public_hostname=lb.cloudapps.example.com
openshift_master_overwrite_named_certificates=true
openshift_master_named_certificates=[{"certfile": "/tmp/certs/fullpem.crt", "keyfile": "/tmp/cloudapps.example.com.key", "names": ["*.cloudapps.example.com"]}]

I've encoded the fullpem.crt as the following from top to bottom:
keyfile
wildcard cert
intermediate cert
root cert

Any help would be greatly appreciated!


C. Conor Flynn



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]