Bug 1889841

Summary: Missing detailed instruction for replacing the default ingress certificate
Product: OpenShift Container Platform Reporter: Shanna Chan <shchan>
Component: DocumentationAssignee: Vikram Goyal <vigoyal>
Status: CLOSED DUPLICATE QA Contact: Xiaoli Tian <xtian>
Severity: low Docs Contact: Vikram Goyal <vigoyal>
Priority: unspecified    
Version: 4.5CC: aos-bugs, jokerman, molasaga
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-06-15 15:10:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Shanna Chan 2020-10-20 17:06:40 UTC 
Document URL: https://docs.openshift.com/aro/4/authentication/certificates/replacing-default-ingress-certificate.html#replacing-default-ingress_replacing-default-ingress

Section Number and Name: 
Section Number: Replacing the default ingress certificate
1. Prerequisites: Need to add a comment about validating the format of the certs. Windows customer is mostly encounter issue with https://access.redhat.com/solutions/5220571
Add "Verify all certificates that include the "-----END CERTIFICATE-----" line and a carriage return is after that line."
2. Procedure step 1: "Create a ConfigMap that includes only the root CA certificate used to sign the wildcard certificate." This name example-ca.crt in the example is confusing. It should have .PEM extension for the TrustedCA.
3. Procedure step 1: "Create a ConfigMap that includes only the root CA certificate used to sign the wildcard certificate." It mentioned only "only the root CA certificate" which is incorrect. The TrustedCA will be the root CA or root CA concatenated with intermediate CA if any. (https://access.redhat.com/solutions/5287391)

Describe the issue: 
Replacing the default ingress can fail with authentication error when cert is not correct.

Suggestions for improvement: 

In the details above
Additional information:
Comment 1 Mikel Olasagasti 2021-06-15 15:10:23 UTC 

*** This bug has been marked as a duplicate of bug 1889842 ***