Re: router certificate question


------ Original Message ------
From: "Feld, Michael (IMS)" <FeldM imsweb com>
To: "users lists openshift redhat com" <users lists openshift redhat com>
Sent: 06.12.2017 14:29:27
Subject: router certificate question

Hey all,

I have a cluster where we use an external HAProxy to terminate SSL and send traffic to the routers in the OpenShift cluster, so the routes within the cluster do not use TLS. It looks like when this cluster was set up, default certificates were given to the routers and are expiring soon (I get this when running the ansible easy-mode.yaml):

"router": [
          "cert_cn": "OU=Domain Control Validated:, CN=*.<redacted>.com:, DNS:*. <redacted>.com, DNS: <redacted>.com",
          "days_remaining": 11,
          "expiry": "2017-12-17 20:13:24",
          "health": "warning",
          "path": "/api/v1/namespaces/default/secrets/router-certs",
          "serial": <redacted>,
          "serial_hex": "<redacted>"

My question is, is it OK to let this expire without taking any action? How can I safely remove the default certificates to remove the warnings in the future?

Well, this depends on your OpenShift version.
The default router has some secrets where the certs are, or they are in an environment variable.

Please can you provide us with the output of the following commands.

oc version
oc get secrets -n default # I assume you use the router in the default project
oc env dc/router -n default --list
oc describe dc router -n default


Best regards

