Bug 1412799 - HAProxy re-encrypt route returns 503 when certificate is expired
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Routing
Version: 3.3.1
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Assignee: Ben Bennett
QA Contact: zhaozhanqi
Reported: 2017-01-12 20:03 UTC by Sten Turpin
Modified: 2017-09-14 15:43 UTC

Last Closed: 2017-01-30 19:24:21 UTC

Description Sten Turpin 2017-01-12 20:03:48 UTC
Description of problem: When a re-encrypt route's destinationCACertificate expires, the route returns 503s with no further explanation.


Version-Release number of selected component (if applicable):  3.3.1.3-1.git.0.86dc49a


How reproducible: always


Steps to Reproduce:
1. Create a re-encrypt route with an expired destinationCACertificate


Actual results:
route returns 503 with no indication that the certificate is expired


Expected results:
the user should be notified that their certificate is expired 


Additional info:

Comment 1 Ben Bennett 2017-01-13 15:06:13 UTC
Is there anything in the router pod log?

Ram, do the extended validation changes we are backporting fix this?

Comment 2 Ram Ranganathan 2017-01-23 19:05:06 UTC
Depends on where the error is coming from. @Sten, what does
$ oc get route <route-name> -o yaml 
say? 

Does it say something like extended validation failed for the certificate?
If that's the case, @Ben, then this is fixed with the backports for the extended validation changes to 3.2 and 3.3.

Otherwise, it's something else we need to look at. Thx
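
The check Comment 2 asks for, as an added example that is not part of the original thread or of OpenShift's own code: it reads `oc get route ... -o json` output and lists routes whose `Admitted` condition is not `True`, together with the reason and message the router recorded. The sample routes, hosts, reason and message text are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of `oc get routes -o json` output; the
# route names, hosts, reason and message text are made up for illustration.
SAMPLE = """
{"items": [
  {"metadata": {"namespace": "demo", "name": "api"},
   "spec": {"host": "api.example.test", "tls": {"termination": "reencrypt"}},
   "status": {"ingress": [{"routerName": "router", "conditions": [
      {"type": "Admitted", "status": "False",
       "reason": "ExtendedValidationFailed",
       "message": "spec.tls.destinationCACertificate: certificate has expired"}]}]}},
  {"metadata": {"namespace": "demo", "name": "web"},
   "spec": {"host": "web.example.test", "tls": {"termination": "reencrypt"}},
   "status": {"ingress": [{"routerName": "router", "conditions": [
      {"type": "Admitted", "status": "True"}]}]}},
  {"metadata": {"namespace": "demo", "name": "new"},
   "spec": {"host": "new.example.test", "tls": {"termination": "reencrypt"}},
   "status": {}}
]}
"""

def route_findings(doc):
    """Return (namespace/name, router, state, detail) for routes not admitted."""
    routes = doc.get("items", [doc])  # accept a List or a single Route object
    findings = []
    for route in routes:
        meta = route.get("metadata", {})
        ident = f'{meta.get("namespace", "?")}/{meta.get("name", "?")}'
        ingress = route.get("status", {}).get("ingress") or []
        if not ingress:
            # No router has written status, so nothing is serving this route yet.
            findings.append((ident, None, "no-status", "no router has reported on this route"))
        for ing in ingress:
            for cond in ing.get("conditions") or []:
                if cond.get("type") == "Admitted" and cond.get("status") != "True":
                    detail = f'{cond.get("reason", "")}: {cond.get("message", "")}'
                    findings.append((ident, ing.get("routerName"), "rejected", detail))
    return findings

if __name__ == "__main__":
    # Pipe real output in (oc get routes -o json | python3 script.py) or run bare for the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for ident, router, state, detail in route_findings(json.loads(text)):
        print(f"{ident} [{router}] {state}: {detail}")
```

A route that appears here as `rejected` is not configured on the router, so the rejection message rather than the 503 is where the cause shows up.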

Comment 3 Ben Bennett 2017-01-30 19:24:21 UTC
Closing due to inactivity.  If it is still happening, please re-open and provide the requested information.

Comment 4 Sten Turpin 2017-09-14 15:43:32 UTC
We haven't seen this issue since ~3.3

