1396123 – Some certificates getting duplicated in "OPENSHIFT_CA_DATA" var when router deployed with new pem

Bug 1396123 - Some certificates getting duplicated in "OPENSHIFT_CA_DATA" var when router deployed with new pem [NEEDINFO]

Summary: Some certificates getting duplicated in "OPENSHIFT_CA_DATA" var when router d...

Keywords:
Status:	CLOSED INSUFFICIENT_DATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	3.2.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Target Release:	---
Assignee:	Ben Bennett
QA Contact:	zhaozhanqi
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-11-17 13:41 UTC by Miheer Salunke
Modified:	2022-08-04 22:20 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-01-17 14:41:32 UTC
Target Upstream Version:
Flags:	bbennett: needinfo? (misalunk)

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Comment 7 Ben Bennett 2016-11-18 13:57:41 UTC

Is the router actually serving the wrong cert when you hit it?
  openssl s_client -connect your.router.here:443

As Jordan said, the  OPENSHIFT_CA_DATA is used to authenticate the master to the clients to make sure no one is messing with the internal API server traffic.

You can unpack the ha-router-primary-certs secret to see what that contains (since that is what we use in haproxy for the default cert).

Comment 8 Ben Bennett 2017-01-17 14:41:32 UTC

Closing since there has been no update for two months and it looked like misconfiguration.

Note You need to log in before you can comment on or make changes to this bug.