Description of problem:

Version-Release number of the following components:
rpm -q openshift-ansible
rpm -q ansible
ansible --version

How reproducible:
100%

Steps to Reproduce:
1. Start with clean RHEL7.4 VM and follow OCP install directions
2.
3.

Actual results:

The step to install the service-catalog hangs and eventually fails with the below error:

F1214 16:49:05.104842       1 controller_manager.go:198] error running controllers: failed to get supported resources from server: unable to retrieve the complete list of server APIs: servicecatalog.k8s.io/v1beta1: an error on the server ("Error: 'x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"service-catalog-signer\")'\nTrying to reach: 'https://172.30.248.218:443/apis/servicecatalog.k8s.io/v1beta1'") has prevented the request from succeeding

I've got a new VM and I am trying to install OCP3.7 and running into a problem (see below). I ran into so many problems trying to upgrade from 3.6 that I gave up and am starting fresh. Looks like the certificate for the service-catalog isn't signed properly and the install check is failing. If I hit that URL via the browser, I am getting the same error for an invalid certificate (if I add a exception in the browser I get the correct results so the pod is running). This is preventing the install from succeeding.

Expected results:
Install succeeds

Additional info:
Please attach logs from ansible-playbook with the -vvv flag