Document URL: https://docs.openshift.com/aro/4/authentication/certificates/replacing-default-ingress-certificate.html#replacing-default-ingress_replacing-default-ingress
Section Number and Name:
Section Number: Replacing the default ingress certificate
1. Prerequisites: Need to add a comment about validating the format of the certs. Windows customer is mostly encounter issue with https://access.redhat.com/solutions/5220571
Add "Verify all certificates that include the "-----END CERTIFICATE-----" line and a carriage return is after that line."
2. Procedure step 1: "Create a ConfigMap that includes only the root CA certificate used to sign the wildcard certificate." This name example-ca.crt in the example is confusing. It should have .PEM extension for the TrustedCA.
3. Procedure step 1: "Create a ConfigMap that includes only the root CA certificate used to sign the wildcard certificate." It mentioned only "only the root CA certificate" which is incorrect. The TrustedCA will be the root CA or root CA concatenated with intermediate CA if any. (https://access.redhat.com/solutions/5287391)
Describe the issue:
Replacing the default ingress can fail with authentication error when cert is not correct.
Suggestions for improvement:
In the details above