
Re: Configuring custom certs

So I found the reason why the server wasn't starting - the certs need to be copied to the directory where the configurations are. I was pointing to them from a different location.

But I'm still not able to get the custom certs working.
If I define them in the assetConfig.ServingInfo section then the server starts, but the web console doesn't use them. If I define them in the servingInfo section (just change the certFile, clientCA and keyFile props) then the server doesn't start.

Is there a description of what all these certificates are used for and how to use custom certificates anywhere?


On 28/07/2017 13:30, Cesar Wong wrote:
Hi Tim,

You may want to enable additional logging by running 'oc cluster up --loglevel=5 --server-loglevel=5'.

If the origin container can't start, there's something wrong with the master-config.yaml (could be as simple as a formatting issue)

On Jul 28, 2017, at 6:17 AM, Tim Dudgeon <tdudgeon ml gmail com> wrote:

I'm trying to work out how to deploy custom certificates so that the OS console doesn't complain about untrusted certs.
I've obtained certificates using Let's Encrypt, so have the following files:
cert.pem chain.pem fullchain.pem privkey.pem

Now I try to update my master-config.yaml to use these.
I was thinking that the minimum needed would be to edit:

assetConfig.ServingInfo.certFile to point to fullchain.pem

assetConfig.ServingInfo.keyFile to point to privkey.pem

and leave assetConfig.ServingInfo.clientCA as empty.

I made no other changes.

Unfortunately this does not work. oc cluster up fails badly without saying much that is useful:

Starting OpenShift using openshift/origin:v3.6.0-rc.0 ...
-- Checking OpenShift client ... OK
-- Checking Docker client ... OK
-- Checking Docker version ... OK
-- Checking for existing OpenShift container ...
  Deleted existing OpenShift container
-- Checking for openshift/origin:v3.6.0-rc.0 image ... OK
-- Checking Docker daemon configuration ... OK
-- Checking for available ports ... OK
-- Checking type of volume mount ...
  Using nsenter mounter for OpenShift volumes
-- Creating host directories ... OK
-- Finding server IP ...
  Using as the server IP
-- Starting OpenShift container ...
  Starting OpenShift using container 'origin'
  Error: could not start OpenShift container "origin"
  No log available from "origin" container

Any pointers to how to do this correctly?


users mailing list
users lists openshift redhat com
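
The reply above reports that the server only started once the certificate files were in the directory holding the configuration. As an added example (not part of the thread and not OpenShift code), this Python script lists every certFile, keyFile and clientCA in a master-config.yaml and flags paths that are missing or resolve outside that directory. The sample config, the example.test path, the function names, the simplified YAML walk and the assumption that relative paths resolve against the config file's directory all belong to this example.

```python
import re
import tempfile
from pathlib import Path

CERT_KEYS = ("certFile", "keyFile", "clientCA")
KEY_LINE = re.compile(r"^(\s*)(-\s+)?(\w+):\s*(.*?)\s*$")
SAMPLE = """# constructed master-config.yaml excerpt, not taken from the thread
assetConfig:
  servingInfo:
    certFile: fullchain.pem
    keyFile: /etc/letsencrypt/live/example.test/privkey.pem
    clientCA: ""
servingInfo:
  certFile: master.server.crt
"""

def cert_refs(text):
    """Return [(dotted.key.path, value)] for each cert-related key (simplified YAML walk)."""
    stack, refs = [], []  # stack: (indent, name) of the enclosing mappings
    for m in filter(None, map(KEY_LINE.match, text.splitlines())):
        indent, key, value = len(m.group(1) + (m.group(2) or "")), m.group(3), m.group(4)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # left that mapping
        if key in CERT_KEYS:
            refs.append((".".join([n for _, n in stack] + [key]), value.strip("'\"")))
        elif value == "":
            stack.append((indent, key))  # key with no value opens a nested mapping
    return refs

def check_config(config_path):
    """Flag cert paths that are missing or outside the config directory (assumed base for relative paths)."""
    config_dir = Path(config_path).resolve().parent
    problems = []
    for where, value in cert_refs(Path(config_path).read_text()):
        if not value:  # empty clientCA, as in the original post
            continue
        path = (config_dir / value).resolve()
        if config_dir not in path.parents:
            problems.append((where, value, "outside config directory"))
        elif not path.is_file():
            problems.append((where, value, "file not found"))
    return problems

def demo():
    """Run the check on a constructed config directory that holds only fullchain.pem."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "fullchain.pem").touch()
        cfg = Path(d, "master-config.yaml")
        cfg.write_text(SAMPLE)
        return check_config(cfg)
```

On a real host, call `check_config()` with the path to the generated master-config.yaml before restarting the cluster.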
