Document URL: https://docs.openshift.com/enterprise/3.2/install_config/advanced_ldap_configuration/sssd_for_ldap_failover.html

Section Number and Name: sssd-phase-1-certificate-generation

Describe the issue: It is unclear, first off, why the `oadm ca create-server-cert` is shown twice, nearly identically. Additionally, there are directions to create a CA to sign the cert but no example of how to do this. Step 2 in this section does not have a code example (I think it should be the `oadm ca create-server-cert` command but I am not certain). Generally, this section is not clear and could use a rework of the step-by-step directions.

Suggestions for improvement:

Additional information:
I *believe* the steps should look something like this:

    mkdir -p /etc/origin/proxy/
    oadm ca create-signer-cert \
        --cert='/etc/origin/proxy/proxyca.crt' \
        --key='/etc/origin/proxy/proxyca.key' \
        --name='openshift-proxy-signer@UNIQUESTRING' \
        --serial='/etc/origin/proxy/proxyca.serial.txt'

(making UNIQUESTRING a unique string, of course)

Followed by:

    oadm ca create-server-cert \
        --cert='/etc/origin/proxy/proxy.example.com.crt' \
        --key='/etc/origin/proxy/proxy.example.com.key' \
        --hostnames=proxy.example.com,1.2.3.4 \
        --signer-cert=/etc/origin/proxy/proxyca.crt \
        --signer-key='/etc/origin/proxy/proxyca.key' \
        --signer-serial='/etc/origin/proxy/proxyca.serial.txt'

By doing it in this order (rather than the order listed originally in the docs), you create a certificate authority which then signs the server cert. If you want I can pretty this up and work on a PR if I get some free time as well.
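Added example, not part of the comment above or of the OpenShift docs: a shell check that the server certificate from the second command is signed by the CA from the first and lists the expected hostnames. It assumes `openssl` is installed and that `oadm` records the `--hostnames` values as subjectAltName entries; `check_proxy_cert` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the OpenShift docs). check_proxy_cert is a
# hypothetical helper; it only reads the certificate files it is given.

# check_proxy_cert CA_CERT SERVER_CERT HOSTNAME...
# Returns 0 only if SERVER_CERT verifies against CA_CERT and every HOSTNAME
# appears in the certificate's subjectAltName extension.
check_proxy_cert() {
    ca=$1; crt=$2; shift 2

    # 1. Signature chain: the server cert must verify with the proxy CA as issuer.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt is not signed by $ca" >&2
        return 1
    fi

    # 2. Names: list the SAN entries one per line, without their type prefix.
    #    (Assumption: hostnames and IPs are stored as DNS / IP Address SANs.)
    sans=$(openssl x509 -in "$crt" -noout -text |
           grep -A1 'Subject Alternative Name' | tail -n 1 |
           tr ',' '\n' |
           sed -e 's/^ *//' -e 's/^DNS://' -e 's/^IP Address://')

    for name in "$@"; do
        if ! printf '%s\n' "$sans" | grep -Fqx -- "$name"; then
            echo "FAIL: $name missing from subjectAltName of $crt" >&2
            return 1
        fi
    done
    echo "OK: $crt chains to $ca and covers: $*"
}

# Usage with the paths from the comment above:
# check_proxy_cert /etc/origin/proxy/proxyca.crt \
#     /etc/origin/proxy/proxy.example.com.crt proxy.example.com 1.2.3.4
```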
These updates were recently addressed in response to a customer request: https://github.com/openshift/openshift-docs/pull/2970 Asking QE to verify this work.
Checked with OpenShift v3.2.2.0; all works fine.
Thank you for verifying! This content was previously published at: https://access.redhat.com/documentation/en/openshift-container-platform/3.3/paged/installation-and-configuration/chapter-14-advanced-ldap-configuration#setting-up-for-ldap-failover