Backported https://github.com/openshift/origin/pull/11217 to  OSE 3.3
The OSE 3.3 specific PR is: https://github.com/openshift/ose/pull/578

since this PR https://github.com/openshift/ose/pull/578 has not been merged. so mark this bug to 'assigned' for now. feel free to change back to 'ON_QA' once it is merged to OCP 3.3

This has been merged into ocp and is in OCP v3.3.1.13 or newer.

hi, tested this bug on OCP v3.3.1.13 , the router cannot be running with the following logs.

E0209 07:13:26.497584       1 ratelimiter.go:52] error creating config file /var/lib/haproxy/conf/cert_config.map: open /var/lib/haproxy/conf/cert_config.map: permission denied

@Troy, that looks the Dockerfile changes were not picked up. There is a change to the 
Dockerfile to touch/create the cert_config.map file. Thx

@Ram
You are correct.  I'm sorry about that.
I have updated the Dockerfile, making sure it's correct and rebuilt the image.
openshift3/ose-haproxy-router:v3.3.1.13-3
It should be available in all the usual testing areas.

Verified this bug on 3.3.1.13 with haproxy image id(726deac0cf76), it works well

steps:

1. Create app and edge/reencrypt route with custom cert
2. Check the route can work well
3. check the cert_config.map in haproxy pod
  cat cert_config.map 
/var/lib/haproxy/router/certs/z1_reencrypt-route-no-path.pem reen.example.com
/var/lib/haproxy/router/certs/z1_edge-route-no-path.pem edge.example.com

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0289

*** Bug 1428233 has been marked as a duplicate of this bug. ***