Bug 1310844
| Summary: | generated certificate for google compute engine (gce) wrong | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | OKD | Reporter: | Aleksandar Kostadinov <akostadi> | ||||||||
| Component: | Installer | Assignee: | Jason DeTiberus <jdetiber> | ||||||||
| Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Ma xiaoqiang <xiama> | ||||||||
| Severity: | low | Docs Contact: | |||||||||
| Priority: | unspecified | ||||||||||
| Version: | 3.x | CC: | aos-bugs, cryan, mmccomas, pruan, xtian | ||||||||
| Target Milestone: | --- | ||||||||||
| Target Release: | --- | ||||||||||
| Hardware: | Unspecified | ||||||||||
| OS: | Unspecified | ||||||||||
| Whiteboard: | |||||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||||
| Doc Text: | Story Points: | --- | |||||||||
| Clone Of: | Environment: | ||||||||||
| Last Closed: | 2016-02-23 10:37:34 UTC | Type: | Bug | ||||||||
| Regression: | --- | Mount Type: | --- | ||||||||
| Documentation: | --- | CRM: | |||||||||
| Verified Versions: | Category: | --- | |||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||
| Embargoed: | |||||||||||
| Attachments: |
|
||||||||||
Created attachment 1129466 [details]
server.crt
Created attachment 1129467 [details]
server.key
One detail, in inventory I used:
> 245.36.148.146.bc.googleusercontent.com openshift_public_hostname=245.36.148.146.bc.googleusercontent.com
That means specifying `openshift_public_hostname`.
is there any option to disable invalid certificates so that the IPs and bad hostnames are not included in certificate? To clarify I don't see a way to create an accessible web console when there is no good DNS name for the environment console endpoint. Very strange, I cannot reproduce today. I only know that yesterday I used a hardcoded version while today I'm using "latest" but I can't tell what version was in use yesterday. Will reopen if I manage to reproduce with any relevant version. |
Created attachment 1129465 [details] ca.crt Description of problem: The automatically generated certificate from openshift-ansibe playbook when installing on GCE is wrong. Firefox 44 and Chrome refuse to connect. Will attach the certificate files. I suspect it is related to GCE using domain names containing only numbers, e.g. 245.36.148.146.bc.googleusercontent.com I wonder if it's worth filing a firefox issue or if there's any place to report that to google. I'm also wondering how to workaround for testing purposes. I may try using plain IP although that's ugly and SSH configuration not that nice. Version-Release number of selected component (if applicable): current latest How reproducible: always error from browser: 245.36.148.146.bc.googleusercontent.com:8443 uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. (Error code: sec_error_unknown_issuer)