Document URL: https://docs.openshift.com/container-platform/3.6/install_config/redeploying_certificates.html#redeploying-new-custom-ca

Section Number and Name: Redeploying a New or Custom OpenShift Container Platform CA

Describe the issue:

To use a custom CA, we have specified the information below in the documentation:

<snip>
To redeploy a newly generated or custom CA:

If you want to use a custom CA, set the following variable in your inventory file:

openshift_master_ca_certificate={'certfile': '</path/to/ca.crt>', 'keyfile': '</path/to/ca.key>'}
</snip>

However, we haven't specified anything about certificate bundles. We should add a line stating that the 'certfile' could be a certificate bundle and also provide the command to create a certificate bundle. If the CA certificate is issued by an intermediate CA, in that case the bundle must contain the intermediate and root certificates for the CA we use in order to validate child certificates.

Suggestions for improvement:

This should look like:

<snip>
To redeploy a newly generated or custom CA:

If you want to use a custom CA, set the following variable in your inventory file:

openshift_master_ca_certificate={'certfile': '</path/to/ca.crt>', 'keyfile': '</path/to/ca.key>'}

If the CA certificate is issued by an intermediate CA, in that case the bundle must contain the intermediate and root certificates for the CA we use in order to validate child certificates.
</snip>

Additional information:

For more information, refer to the Bugzilla below, which has more details about this: https://bugzilla.redhat.com/show_bug.cgi?id=1530312#c8
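The bundle requirement described in the report above can be checked with the `openssl` CLI before the file is referenced as 'certfile'. The following is an added example, not part of the bug report or the OpenShift documentation: it builds a constructed throwaway chain (root CA, intermediate CA, child certificate) and shows that the child fails validation against the intermediate alone but passes against the bundle. All file names, subject names and the intermediate-then-root order are assumptions of the demo.

```shell
#!/bin/sh
# Added example. Constructed throwaway PKI: root CA -> intermediate CA -> child.
# All file names and subject names here are made up for the demo.

make_demo_pki() {   # $1 = empty working directory
  d=$1
  cat > "$d/ssl.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Self-signed root CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ssl.cnf" \
    -extensions v3_ca -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
  # Intermediate CA, signed by the root; this CA signs the child certificates.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ssl.cnf" \
    -subj "/CN=Demo Intermediate CA" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ssl.cnf" -extensions v3_ca \
    -out "$d/int.crt" 2>/dev/null || return 1
  # Child (leaf) certificate, signed by the intermediate.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ssl.cnf" \
    -subj "/CN=child.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.crt" 2>/dev/null || return 1
}

# Bundle = intermediate followed by root (the order is an assumption of this demo).
build_bundle() { cat "$1/int.crt" "$1/root.crt" > "$1/ca-bundle.crt"; }

# True when the child certificate validates against the given CA file.
chain_verifies() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

DEMO_DIR=$(mktemp -d)
make_demo_pki "$DEMO_DIR" && build_bundle "$DEMO_DIR"
for ca in int.crt ca-bundle.crt; do
  if chain_verifies "$DEMO_DIR/$ca" "$DEMO_DIR/leaf.crt"; then r=OK; else r=FAIL; fi
  echo "certfile=$ca -> child certificate verification: $r"
done
```

The same `chain_verifies` check can be pointed at a real bundle and one certificate it is expected to validate.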
@Suresh Please take a look: https://github.com/openshift/openshift-docs/pull/8597
PR lgtm, move it to verified.
Changes are live: https://docs.openshift.com/container-platform/3.9/install_config/redeploying_certificates.html#redeploying-new-custom-ca
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days.