Description of problem:

Hello Team,

I want to try to install OCP 4.6.1 in a restricted network environment. I downloaded the latest oc-4.6.1 and ran the command to mirror the images to my registry:

    oc adm -a ${LOCAL_SECRET_JSON} release mirror \
      --from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} \
      --to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \
      --to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE}

There was an error:

    error: unable to connect to bastion.offline.nielasaran.com:5000/ocp4/openshift4: Get "https://bastion.offline.nielasaran.com:5000/v2/": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0
    error: unable to connect to bastion.offline.nielasaran.com:5000/ocp4/openshift4: Get "https://bastion.offline.nielasaran.com:5000/v2/": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0
    error: unable to connect to bastion.offline.nielasaran.com:5000/ocp4/openshift4: Get "https://bastion.offline.nielasaran.com:5000/v2/": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0

I changed to the older oc client and ran the same command:

    Client Version: 4.5.17

There is no error and it can push images to my registry successfully:

    uploading: bastion.offline.nielasaran.com:5000/ocp4/openshift4 sha256:4b6f6ef90774c721adfe83bcdedd1272da05f0cbffd9dcf680268191e7c175a7 15.96MiB
    uploading: bastion.offline.nielasaran.com:5000/ocp4/openshift4 sha256:edc9206498ac175ac3515939b658dd571cf2e82fc715d174cd734668895c85e3 144.4MiB
    uploading: bastion.offline.nielasaran.com:5000/ocp4/openshift4 sha256:908d8f6838386bde97caaf44646046bf845be72602706b3bbbcdfa9fc6ffe3be 30.53MiB
    uploading: bastion.offline.nielasaran.com:5000/ocp4/openshift4 sha256:212e26707630d732639c917da45cb27b2a80ea2c6d72c264c23377b99205f1ea 44.11MiB
    uploading: bastion.offline.nielasaran.com:5000/ocp4/openshift4 sha256:cd8a792a8053ad6912421081db7f6efc0f99b86d6f38f9fcf6db7af151c4c286 81.88MiB
    uploading: bastion.offline.nielasaran.com:5000/ocp4/openshift4 sha256:1e9b9f2a0bad73ecb0103980312c598ef3d14823625cfcc1b8e764c2eb20a044 16.2MiB

Please help check, thanks.
The local registry was set up following the docs: https://docs.openshift.com/container-platform/4.2/installing/install_config/installing-restricted-networks-preparations.html#installation-creating-mirror-registry_installing-restricted-networks-preparations
Hi @Yaoli, this issue is due to an update with Golang 1.15 (that is used to build latest oc). Golang has deprecated the ability to use certificates without SAN without adding an extra variable:

    GODEBUG=x509ignoreCN=0

You can either precede each oc command that depends on a certificate like so:

    GODEBUG=x509ignoreCN=0 oc adm -a ${LOCAL_SECRET_JSON} release mirror \
      --from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} \
      --to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \
      --to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE}

Or, update your local registry to use a certificate with SAN (and the documentation you linked above needs to be updated).

I will discuss with the docs and workloads team to determine which option we should outline in the docs (the env var, or the certificate with SAN).

This is a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1889204 so I'm marking this as duplicate bug.

*** This bug has been marked as a duplicate of bug 1889204 ***
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days