Bug 1310266
Summary: | https using letsencrypt has B rating - chain incomplete | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Rory Thrasher <rthrashe> |
Component: | Containers | Assignee: | Sally <somalley> |
Status: | CLOSED ERRATA | QA Contact: | DeShuai Ma <dma> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 2.2.0 | CC: | aos-bugs, dma, jialiu, jokerman, lmeyer, lucas0033, mmccomas, somalley, wjiang, xtian |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | rubygem-openshift-origin-node-1.38.5.2-1.el6op rubygem-openshift-origin-console-1.35.5.1-1.el6op rubygem-openshift-origin-frontend-apache-vhost-0.13.1-1.el6op | Doc Type: | Bug Fix |
Doc Text: |
Cause: Web-console used to have an intermediate 'Certificate Chain' field. The cert files were then internally concatenated. SSL certificate providers often issue a 'fullchain.pem' file (or similar) that was confusing to users who didn't know whether to use this file or the non-concatenated files. Finally, the rhc tool to upload SSL certs does not include an 'cert chain' option, when using the rhc tool users have always been required to supply concatenated cert file.
Consequence: Users were getting a 'B rating' and/or 'chain incomplete' warning unless they used the 'fullchain.pem' file.
Fix: Removed SSL Certificate Chain Field from web console. Documented that the user must concatenate SSL cert files into a single file to upload, or upload the already-concatenated file included in the SSL certificate from the SSL certificate provider. Also documented how users should manually concatenate the cert files if the SSL cert provider did not provide a concatenated file.
Result: rhc tool now matches web console. Uploading SSL certs process has been clarified for users.
|
Story Points: | --- |
Clone Of: | 1281901 | Environment: | |
Last Closed: | 2016-03-22 16:54:58 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1281901 | ||
Bug Blocks: |
Description
Rory Thrasher
2016-02-19 22:33:35 UTC
Checked with puddle http://etherpad.corp.redhat.com/puddle-2-2-2016-02-19, and the Certificate Chain Field has been removed. Also prompt user to upload a cert to concatenate primary and intermediate certs into a single file. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-0489.html |