Document URL: https://access.redhat.com/documentation/en/openshift-container-platform/3.4/single/installation-and-configuration/#securing-the-registry

Section Number and Name: 3.4.1 Securing the Registry

Describe the issue:
With OCP 3.4, the registry is secured by default with self-signed certs. We need to add a section on this for anyone who wants to replace these self-signed certs with their named certificates.

Suggestions for improvement:
Below are the steps that can be added:

    cd /etc/origin/master/named_certificates/
    ln -s cert_without_key.pem registry.crt
    ln -s www_sslcertificaten.key registry.key
    oc secrets unlink default registry-certificates
    oc secrets unlink registry registry-certificates
    oc secrets new registry-secret /etc/origin/master/named_certificates/registry.crt /etc/origin/master/named_certificates/registry.key
    oc secrets link registry registry-secret
    oc secrets link default registry-secret

Get the name of the volume:

    oc describe dc docker-registry | grep volume
    oc volume dc/docker-registry --remove --name=volume-r8dfe
    oc volume dc/docker-registry --add --type=secret --secret-name=registry-secret -m /etc/secrets

Additional information:

We don't need to unlink/link, or create a new secret under a different name. It's simpler to recreate the registry-certificates secret and perform a redeploy.

    oc delete secret registry-certificates
    oc secrets new registry-certificates ......
    oc rollout latest docker-registry

This information is currently available here: https://docs.openshift.com/container-platform/3.4/install_config/redeploying_certificates.html#redeploying-custom-registry-or-router-certificates
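
A preflight check that could be run on registry.crt and registry.key before the secret is recreated as described in the comments above. It is an added example, not part of the original report or of OpenShift's tooling. It confirms that the key belongs to the certificate, that the certificate has not expired, and that it covers the hostname clients use for the registry. The function name, its return codes and the hostname argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate a replacement registry certificate/key pair locally.
# Nothing here contacts the cluster; it only inspects the two files with openssl.
#
# check_registry_pair CERT KEY HOSTNAME
#   returns 0  pair is usable
#           1  private key does not belong to the certificate
#           2  certificate has already expired
#           3  certificate does not cover HOSTNAME
#           4  a file is missing or cannot be parsed
check_registry_pair() {
    crp_cert=$1; crp_key=$2; crp_host=$3

    # Extract the public key from each file; compare the PEM text directly so
    # that an unparsable input can never look like a match.
    crp_cpub=$(openssl x509 -in "$crp_cert" -noout -pubkey 2>/dev/null) || return 4
    crp_kpub=$(openssl pkey -in "$crp_key" -pubout 2>/dev/null) || return 4
    [ -n "$crp_cpub" ] && [ -n "$crp_kpub" ] || return 4

    if [ "$crp_cpub" != "$crp_kpub" ]; then
        echo "key does not belong to certificate" >&2
        return 1
    fi

    # -checkend 0 exits non-zero when notAfter is already in the past.
    if ! openssl x509 -in "$crp_cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired" >&2
        return 2
    fi

    # -checkhost reports the result in its output, so match on the text.
    if ! openssl x509 -in "$crp_cert" -noout -checkhost "$crp_host" 2>/dev/null |
            grep -q 'does match certificate'; then
        echo "certificate does not cover $crp_host" >&2
        return 3
    fi

    echo "ok: $crp_cert and $crp_key are usable for $crp_host"
    return 0
}

# Stand-alone use: sh check.sh registry.crt registry.key <registry hostname>
if [ "$#" -eq 3 ]; then
    check_registry_pair "$@"
fi
```

A non-zero result means the secret should not be recreated from these files, since the registry pods would come up serving a certificate that clients reject or fail to start TLS at all.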