[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Trouble accessing docker image of openshift



All,

I tried downloading and setting up openshift on docker docker-engine-1.10.1-1 on centos7.  I used the following command to get up and running:

docker run -d --name "origin"         --privileged --pid=host --net=bridge -p 8443:8443         -v /:/rootfs:ro -v /var/run:/var/run:rw -v /sys:/sys -v /var/lib/docker:/var/lib/docker:rw         -v /var/lib/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes     -h openshift.xxx.lan    openshift/origin start

When I try to go to the console on 8443 I get redirected to a 172 address and firefox complains that the SSL connection is broken:

Secure Connection Failed

An error occurred during a connection to openshift.xxxx.lan:8443. security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem. 

but when I check the connection I get the following:
[root openshift ~]# openssl s_client -connect 'openshift.tremolo.lan:8443'
CONNECTED(00000003)
depth=1 CN = openshift-signer 1455630818
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/CN=127.0.0.1
   i:/CN=openshift-signer 1455630818
 1 s:/CN=openshift-signer 1455630818
   i:/CN=openshift-signer 1455630818
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID8TCCAtugAwIBAgIBBjALBgkqhkiG9w0BAQswJjEkMCIGA1UEAwwbb3BlbnNo
aWZ0LXNpZ25lckAxNDU1NjMwODE4MB4XDTE2MDIxNjEzNTM0MloXDTE4MDIxNTEz
NTM0M1owFDESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA8NVlc/xYxrdo6ucYHoCtKvAjTxyCfdsAPGBm/VHbFQ+qLEIn
6zk9eIKQ8kIHbm7xYFLFsvgBcmZwg6vf3NJoovaQREGqUo43Kuv2yk1NBVK5t3c9
bA4fmNJFCjy31JsoSyYm/ndsVatF0y5K8YlFzgyFyMoOuWGuMTiAZAKqHW307/QM
IHkmMBt6++tO04F2f9T2Z9h/V677iJ9QC7YiGF+KL9hM7F4S/dwQWiwPso4gMaQF
QdvXv9OZoRQ6/0YY/UnLJFoF/hfLt4oODu0GSMK9BAuS/67aJilexcSDXXGeSuIh
OgN79UAW70bbd+OR8AqxU3EjiE8P9LMb87EpwwIDAQABo4IBPjCCATowDgYDVR0P
AQH/BAQDAgCgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwggED
BgNVHREEgfswgfiCCmt1YmVybmV0ZXOCEmt1YmVybmV0ZXMuZGVmYXVsdIIWa3Vi
ZXJuZXRlcy5kZWZhdWx0LnN2Y4Ika3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVz
dGVyLmxvY2Fsgglsb2NhbGhvc3SCCW9wZW5zaGlmdIIRb3BlbnNoaWZ0LmRlZmF1
bHSCFW9wZW5zaGlmdC5kZWZhdWx0LnN2Y4Ijb3BlbnNoaWZ0LmRlZmF1bHQuc3Zj
LmNsdXN0ZXIubG9jYWyCCTEyNy4wLjAuMYIKMTcyLjE3LjAuMoIKMTcyLjMwLjAu
MYcEfwAAAYcErBEAAocErB4AATALBgkqhkiG9w0BAQsDggEBAAgxc6TRaCcT5jBP
Mj6K3CUkhN8S/3Us0gHIQ0ZYIvpzfi+HH9vUggS44E3I9OI2TN5pTZ0vDSbLMEva
VfvlZHsi4qlA/72rP50Gw+GMooofc8FHo08AXM2Lf/jE8/w88F4kXLZqVvnsQ/N4
bxSDg+0tydEAVoBopcvIyUj7QGFT7MT7icHe2ql6vnoXwZzeTLEKoNSk/NXlbLs8
IDW9bAa941SBYoVwyXsL5e4y7xqI4fKMX/gbF2FjAIwxa9PfeZKZ4bFNKY0b4LAr
Jl3NXbpbzmYlGqJwCBjY5JdOmXpjvkUv7ynYuV/ov65zz9RCfDp4CYDiZG80cgdj
Z1EmREE=
-----END CERTIFICATE-----
subject=/CN=127.0.0.1
issuer=/CN=openshift-signer 1455630818
---
Acceptable client certificate CA names
/CN=openshift-signer 1455630818
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 2414 bytes and written 385 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 0F1D94EB43646490A6FAFE006BEC3149C48B8A11ACA71CD7B04FD6FA9EAFA0CC
    Session-ID-ctx: 
    Master-Key: 3885305A1D2D8CCFB59A8C535ED0FD23388E774B6262EEF848A5E6B916C2471D1171A87A07AAF7D981916E2F57DDB8A1
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket:
    0000 - f9 2d fc 2d 20 77 06 2a-eb 9d 85 e1 ea 9f 3a 82   .-.- w.*......:.
    0010 - a1 c4 b2 10 89 ee 94 33-31 62 fe f4 44 3f e1 16   .......31b..D?..
    0020 - 4d af 2a 01 b6 f6 d2 62-b7 c2 a6 6c 75 d1 c3 a2   M.*....b...lu...
    0030 - 90 89 2f 22 eb 02 71 08-38 3b aa 7e ee 0f 39 ee   ../"..q.8;.~..9.
    0040 - 52 2e f2 1f 47 63 56 a8-65 79 01 7a ab 0d f7 de   R...GcV.ey.z....
    0050 - 13 b0 6c 49 58 23 46 dc-ec 00 9a 3c 95 3d 87 6c   ..lIX#F....<.=.l
    0060 - b2 da de d4 25 e6 94 87-                          ....%...

    Start Time: 1455632113
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---

A couple of questions:
1.  Is there an environment variable I can set that lets me set the host name openshift console redirects to? (so i don't get redirected to an IP)
2.  Has anyone run into this issue with firefox?  Google seems to think its because firefox doesn't support the cipher.

Any help would be greatly appreciated.

Thanks
Marc

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]