[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: web interface certificate ignored



Hi folks,

On 3/26/19 4:48 PM, Harald Dunkel wrote:

Problem is: I see all certificates in /etc/origin/master and
especially /etc/origin/master/named_certificates, but apparently
the web interface doesn't use it. openssl tells me:

% openssl s_client -connect okd01.example.com:8443
depth=1 CN = openshift-signer 1553169466
verify error:num=19:self signed certificate in certificate chain
CONNECTED(00000003)
---
Certificate chain
  0 s:/CN=172.19.96.96
    i:/CN=openshift-signer 1553169466
  1 s:/CN=openshift-signer 1553169466
    i:/CN=openshift-signer 1553169466
---
:
:

This seems to come up only, if the web browser runs in the same subnet
as the web interface. If the browser runs in another subnet (e.g. on
my laptop connected via IPsec), then I see the expected certificate
chain.

Every helpful comment is highly appreciated
Harri


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]