Bug 1889841 - Missing detailed instruction for replacing the default ingress certificate
Summary: Missing detailed instruction for replacing the default ingress certificate
Keywords:
Status: NEW
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 4.5
Hardware: All
OS: All
unspecified
low
Target Milestone: ---
: ---
Assignee: Vikram Goyal
QA Contact: Xiaoli Tian
Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-10-20 17:06 UTC by Shanna Chan
Modified: 2020-10-20 17:06 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:


Attachments (Terms of Use)

Description Shanna Chan 2020-10-20 17:06:40 UTC
Document URL: https://docs.openshift.com/aro/4/authentication/certificates/replacing-default-ingress-certificate.html#replacing-default-ingress_replacing-default-ingress

Section Number and Name: 
Section Number: Replacing the default ingress certificate
1. Prerequisites: Need to add a comment about validating the format of the certs. Windows customer is mostly encounter issue with https://access.redhat.com/solutions/5220571
Add "Verify all certificates that include the "-----END CERTIFICATE-----" line and a carriage return is after that line."
2. Procedure step 1: "Create a ConfigMap that includes only the root CA certificate used to sign the wildcard certificate." This name example-ca.crt in the example is confusing. It should have .PEM extension for the TrustedCA.
3. Procedure step 1: "Create a ConfigMap that includes only the root CA certificate used to sign the wildcard certificate." It mentioned only "only the root CA certificate" which is incorrect. The TrustedCA will be the root CA or root CA concatenated with intermediate CA if any. (https://access.redhat.com/solutions/5287391)

Describe the issue: 
Replacing the default ingress can fail with authentication error when cert is not correct.

Suggestions for improvement: 

In the details above
Additional information:


Note You need to log in before you can comment on or make changes to this bug.