Red Hat Bugzilla – Bug 1310844
generated certificate for google compute engine (gce) wrong
Last modified: 2016-07-03 20:46:58 EDT
Created attachment 1129465 [details]
Description of problem:
The automatically generated certificate from openshift-ansibe playbook when installing on GCE is wrong. Firefox 44 and Chrome refuse to connect. Will attach the certificate files.
I suspect it is related to GCE using domain names containing only numbers, e.g. 245.36.148.146.bc.googleusercontent.com
I wonder if it's worth filing a firefox issue or if there's any place to report that to google.
I'm also wondering how to workaround for testing purposes. I may try using plain IP although that's ugly and SSH configuration not that nice.
Version-Release number of selected component (if applicable):
error from browser:
245.36.148.146.bc.googleusercontent.com:8443 uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. (Error code: sec_error_unknown_issuer)
Created attachment 1129466 [details]
Created attachment 1129467 [details]
One detail, in inventory I used:
> 245.36.148.146.bc.googleusercontent.com openshift_public_hostname=245.36.148.146.bc.googleusercontent.com
That means specifying `openshift_public_hostname`.
is there any option to disable invalid certificates so that the IPs and bad hostnames are not included in certificate?
To clarify I don't see a way to create an accessible web console when there is no good DNS name for the environment console endpoint.
Very strange, I cannot reproduce today. I only know that yesterday I used a hardcoded version while today I'm using "latest" but I can't tell what version was in use yesterday. Will reopen if I manage to reproduce with any relevant version.