Bug 1702617 - oauthproxy HTTP 500 error when logging into Kibana - x509: certificate signed by unknown authority
Summary: oauthproxy HTTP 500 error when logging into Kibana - x509: certificate signed...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Logging
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 3.11.z
Assignee: Jeff Cantrill
QA Contact: Anping Li
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-04-24 09:39 UTC by Robert Sandu
Modified: 2019-05-01 17:15 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-05-01 17:15:04 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Robert Sandu 2019-04-24 09:39:00 UTC 
Description of problem:

After running the redeploy-certificates.yml playbook, Kibana dashboard login returns an HTTP 500 error every time a login is tried.

The kibana-proxy container sees the oauth server certificate as signed by an unknown authority:

2019/04/10 14:34:46 oauthproxy.go:649: error redeeming code (client:10.221.8.1:39402): Post https://osm-dev.vkbads.de:443/oauth/token: x509: certificate signed by unknown authority
2019/04/10 14:34:46 oauthproxy.go:439: ErrorPage 500 Internal Error Internal Error

Version-Release number of selected component (if applicable): v3.11.88

How reproducible: haven't been able to reproduce in lab environment.

Actual results: Kibana dashboard login returns an HTTP 500 error.

Expected results: Kibana dashboard login to work after certificates redeployment.

Additional info:

- Both api and router certs were redeployed by the customer.
- Both router and api certificates are signed by the same CA.
- The redeploy-certificates.yml playbook was run, but not redeploy-openshift-ca.yaml.
Comment 6 Robert Sandu 2019-05-01 07:07:57 UTC 
Hi.

This was solved after following [1] and running again redeploy-certificates.yml.

---

[1] https://access.redhat.com/solutions/4001791
Comment 7 Jeff Cantrill 2019-05-01 17:15:04 UTC 
Closing per #c6
Note You need to log in before you can comment on or make changes to this bug.