Document URL: https://docs.openshift.com/container-platform/4.1/networking/ingress-operator.html#nw-ingress-setting-a-custom-default-certificate_configuring-ingress
Section Number and Name: Setting a custom default certificate
Describe the issue: https://bugzilla.redhat.com/show_bug.cgi?id=1712525
Suggestions for improvement: Place a note/warning on the docs that states "if replacing the default cert, it must be signed by a public CA already included in the ca bundle, as provided by RHEL/RHCOS".
Additional information:
Minor nit: "as provided by RHEL/RHCOS" should really say "as provided by the RHEL 7/8 UBI userspace". They are fundamentally one and the same as the RHEL/RHCOS userspace, but what's important to denote here is that these certificates are not part of the host, but part of the container used in our deployment, making the CAs unique to the container and not something you can globally configure (using system resources).
Pull request here: https://github.com/openshift/openshift-docs/pull/16476
Will merge and cherry-pick to 4.1 and 4.2 ASAP. Setting release pending.
Changes are now live: https://docs.openshift.com/container-platform/4.1/networking/ingress-operator.html#nw-ingress-setting-a-custom-default-certificate_configuring-ingress
Closing this bug as current release.