If iOS Safari does not trust the console certificate, it blocks WebSockets. This causes console to only show a white screen since we rely on WebSockets for API discovery using GraphQL.
=== Below are steps checked against 4.7.0-0.ci-2020-10-12-222453 1. Add self-signed certificate using below steps Part I: Set a custom default certificate for ingress 1. Create a Secret resource containing the custom certificate in the openshift-ingress namespace using the generated apps.crt and apps.key files in Setup(refer to steps in Setup) $ oc --namespace openshift-ingress create secret tls custom-certs-default --cert=/path/to/self-signed/apps.crt --key=/path/to/self-signed/apps.key secret/custom-certs-default created 2. Update the IngressController CR to reference the new certificate secret: $ oc patch --type=merge --namespace openshift-ingress-operator ingresscontrollers/default --patch '{"spec":{"defaultCertificate":{"name":"custom-certs-default"}}}' ingresscontroller.operator.openshift.io/default patched 3. Verify the update was effective: $ oc get --namespace openshift-ingress-operator ingresscontrollers/default --output jsonpath='{.spec.defaultCertificate}' Part II: Add your privately signed CA certificates as trustedCA 4. Create a ConfigMap with root CA pem $ oc create configmap user-ca-bundle --from-file=ca-bundle.crt=/path/to/ca.pem -n openshift-config 5. Edit Proxy project spec.trustedCA to include your privately signed CA certificates $ oc edit proxy cluster ..... spec: trustedCA: name: user-ca-bundle Part III: Wait until all ingress, console pods are restarted Part IV: Verify new console is working correctly, I can verify that new console is using self-signed certificate by viewing certificate info in browser address bar with Chrome/FF/MacOS Safari 2. Then visit console route on iOS Safari, didn't trust the certificate and a blank page is returned A dialog will be prompted: Cannot Verify Server Identify The identity of "console-openshift-console.apps.qe-xxxx.qe.devcluster.openshift.com" cannot be verified by Safari. Review the certificate details to continue Click 'Continue'(didn't view Details and Trust), then a blank page is returned Then I tried to visit a 46 cluster with default signing certificate, also didn't trust the certificate, a blank page is returned @Rastislav Wagner Could you help confirm my verification steps and let me know if there is anything wrong.
maybe the CI build does not contain the fix yet ? Your steps looks good to me.. I went with this guide https://github.com/openshift/console#deploying-a-custom-image-to-an-openshift-cluster - deployed my own custom image based on latest master and iOS worked.
Moving to VERIFIED since iPhone6, 11 and iPad 6 works after following steps in comment 2 to specify custom certificate Verified on 4.7.0-0.nightly-2020-10-21-001511
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633