Bug 1063470

Summary: Web console doesn't properly apply SSL Certificate Chain files for DigiCert SSL certs
Product: OpenShift Online Reporter: Robb Hamilton <rhamilto>
Component: WebsiteAssignee: Fabiano Franz <ffranz>
Status: CLOSED CURRENTRELEASE QA Contact: libra bugs <libra-bugs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 2.xCC: erich, sparks, wsun, yujzhang
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-03-12 03:07:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robb Hamilton 2014-02-10 19:37:21 UTC 
Description of problem:  While applying my SSL cert for alias www.patternfly.org, I attempted to upload the SSL Certificate Chain file (intermediate cert) via the SSL Certificate Chain field in the SSL Certificate form of app/console/application/52cb1f7fe0b8cd006000008d-site/alias/www.patternfly.org/edit.  This resulted in an invalid configuration per DigiCert's SSL Installation Diagnostics Tool.  Per ffranz's suggestion, I appended the contents of the SSL Cert Chain file to the end of the SSL Certificate file, and configuration was then correct per the diagnostic tool.
Comment 1 Yujie Zhang 2014-02-12 02:49:01 UTC 
QE will update our cases according to your description, thanks.
Comment 2 openshift-github-bot 2014-02-12 06:44:56 UTC 
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/1e2aec57e188d3c15f316e226b8c29e58ee8ae20
Bug 1063470 - handle different encodings in files provided by ssl cert issuers
Comment 3 Fabiano Franz 2014-02-12 12:49:48 UTC 
Fixed in https://github.com/openshift/origin-server/pull/4739
Comment 4 Yujie Zhang 2014-02-13 07:21:38 UTC 
Tested on devenv_4370, added the ssl chain file to the "SSL Certificate Chain
" form with correct cert, the chain file can be added successfully, so verify this bug, thanks.
Comment 5 Eric Rich 2014-02-14 22:06:44 UTC 
*** Bug 1034932 has been marked as a duplicate of this bug. ***