Description of problem:
Openshift console sends only one cert on connection, assuming the user has the same CA file as the one used in openshift-ansible's "cafile" param of "openshift_master_named_certificates" variable

Version-Release number of selected component (if applicable):
3.4.0

How reproducible:
Always

Steps to Reproduce:
1. Prepare a root_ca.crt and full_chain.crt
2. Setup openshift via openshift-ansible having:

    openshift_master_named_certificates:
    - certfile: "server.crt"
      keyfile: "server.key"
      cafile: "full_chain.crt"

3. Run "openssl s_client -connect console.example.com:8443 -CAfile root_ca.crt"

Actual results:
Command fails with 'unable to verify the first certificate'

Expected results:
Command passes with 'ok'

Additional info:
If a full_chain.crt is used openssl command works fine

The intermediate chain has to be included in the server cert. The CA file should just contain the roots.
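
The failure in the report and the layout the reply describes can be reproduced offline with a throwaway chain. This is an added example, not part of the bug report or of openshift-ansible; the subject names, the demo.cnf, intermediate.crt and server_with_chain.crt file names and the helper functions are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: root CA -> intermediate CA -> server certificate.
# Subject names and file names are made up for this example.

build_chain() {  # $1 = empty working directory
  d=$1
  cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = CA:FALSE
EOF
  # Self-signed root: the only certificate the client holds as a trust anchor.
  openssl req -x509 -config "$d/demo.cnf" -extensions v3_ca -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=Demo Root CA" -keyout "$d/root.key" -out "$d/root_ca.crt" 2>/dev/null
  # Intermediate CA, signed by the root.
  openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root_ca.crt" -CAkey "$d/root.key" -set_serial 2 \
    -days 2 -extfile "$d/demo.cnf" -extensions v3_ca -out "$d/intermediate.crt" 2>/dev/null
  # Server certificate, signed by the intermediate.
  openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=console.example.com" -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/intermediate.crt" -CAkey "$d/int.key" -set_serial 3 \
    -days 2 -extfile "$d/demo.cnf" -extensions v3_leaf -out "$d/server.crt" 2>/dev/null
  # certfile laid out as the reply describes: leaf first, then the intermediate.
  cat "$d/server.crt" "$d/intermediate.crt" > "$d/server_with_chain.crt"
}

# $1 = roots the client trusts, $2 = PEM file the server presents.
# -untrusted stands in for the certificates sent in the TLS handshake.
client_verifies() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

demo() {
  work=$(mktemp -d)
  build_chain "$work"
  for f in server.crt server_with_chain.crt; do
    if client_verifies "$work/root_ca.crt" "$work/$f"; then echo "$f: ok"
    else echo "$f: verification fails"; fi
  done
  rm -rf "$work"
}
demo
```

The client side never changes here: it trusts only root_ca.crt in both runs, and only the contents of the file the server presents differ.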