Thanks for the reply. I have done some investigation into how it works and I have an idea.
We have a problem with the certification authority and we bought a new wildcard certificate.
I tried to change the certificate in the secured route but nothing happened. I dug into the router
pod and found this line:
bind 127.0.0.1:10444 ssl no-sslv3 crt /etc/pki/tls/private/tls.crt crt /var/lib/haproxy/router/certs accept-proxy
In /etc/pki/tls/private/tls.crt is the wildcard certificate for the domain rohlik.cz, and in the directory /var/lib/haproxy/router/certs there
are three certificates. Two are the same as the default certificate and the last is the “new” certificate (a wildcard certificate too).
The HAProxy documentation says that certificates are picked in alphabetical order:
If a directory name is used instead of a PEM file, then all files found in that directory will be loaded in alphabetic order unless their name ends with '.issuer' or '.ocsp' (reserved extensions). This directive may be specified multiple times in order to load certificates from multiple files or directories. The certificates will be presented to clients who provide a valid TLS Server Name Indication field matching one of their CN or alt subjects. Wildcards are supported, where a wildcard character '*' is used instead of the first hostname component (eg: *.example.org matches www.example.org but not www.sub.example.org).
When I delete the environment settings from
dc/router (the default certificate) and delete the other 2 certificates, everything starts working. Why? Because there is only one certificate which matches and
HAProxy picked the correct one.
In the OpenShift documentation there is no information on how to change the certificate. I can deploy a new router with a changed --default-certificate,
but how can I correctly delete the old router? I tried this:
oc delete dc/router svc/router rolebinding/router-router-role serviceaccounts/router secret/router-certs
deploymentconfig "router" deleted
service "router" deleted
serviceaccount "router" deleted
secret "router-certs" deleted
Error from server: rolebinding "router-router-role" not found
and creating it gives an error too:
oadm router --default-cert=cert.new.pem
info: password for stats user admin has been set to AaTk1rxtyh
--> Creating router router ...
secret "router-certs" created
serviceaccount "router" created
error: rolebinding "router-router-role" already exists
deploymentconfig "router" created
service "router" created
How can I correctly delete the role binding and deploy the router correctly?
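
The loading and matching rules in the HAProxy documentation quoted above, as an added sketch (not code from this post, HAProxy or OpenShift): it lists, in load order, every certificate on the bind line that could answer a given SNI name, so overlapping wildcards become visible. The file names inside the certs directory, the example.org names and the plain string sort are assumptions.

```python
# Added illustration; not code from the post, HAProxy or OpenShift.
import posixpath

RESERVED = (".issuer", ".ocsp")  # extensions the quoted documentation says are skipped


def load_order(crt_args, directories):
    """Expand the crt arguments of a bind line into the order files are loaded.

    directories maps a directory path to its file names (constructed inventory).
    Assumption: "alphabetic order" is modelled with Python's default string sort.
    """
    order = []
    for arg in crt_args:
        if arg in directories:
            order += [posixpath.join(arg, name) for name in sorted(directories[arg])
                      if not name.endswith(RESERVED)]
        else:
            order.append(arg)
    return order


def name_matches(pattern, hostname):
    """Wildcard rule from the quoted text: '*' stands for the first component only."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        first, _, rest = hostname.partition(".")
        return bool(first) and rest == pattern[2:]
    return pattern == hostname


def sni_candidates(hostname, crt_args, directories, cert_names):
    """Loaded certificates whose CN/SAN names match hostname, in load order."""
    return [path for path in load_order(crt_args, directories)
            if any(name_matches(n, hostname) for n in cert_names.get(path, ()))]


# Constructed inventory shaped like the bind line above; file names under the
# certs directory and all certificate names are made up for the example.
CERT_DIR = "/var/lib/haproxy/router/certs"
CRT_ARGS = ["/etc/pki/tls/private/tls.crt", CERT_DIR]
DIRS = {CERT_DIR: ["b-route.pem", "c-route.pem", "a-route.pem", "a-route.pem.ocsp"]}
NAMES = {"/etc/pki/tls/private/tls.crt": ["*.example.org"]}
NAMES.update({f"{CERT_DIR}/{f}": ["*.example.org"] for f in DIRS[CERT_DIR]})

if __name__ == "__main__":
    hits = sni_candidates("www.example.org", CRT_ARGS, DIRS, NAMES)
    print(f"{len(hits)} certificates match www.example.org:", *hits, sep="\n  ")
```

More than one path in the result means several loaded certificates can answer the same name, which is the overlap described in the message above.
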
On 14 October 2016 at 10:13:28, Jim Minter (jminter redhat com) wrote: