Red Hat Bugzilla – Bug 985952
unknown issuer or CA when adding ssl cert to openshift online
Last modified: 2013-08-07 18:55:38 EDT
Description of problem:
After purchasing and installing a UCC SSL certificate from GoDaddy and installing the cert, bundle and key into the alias configuration, an SSL connection is possible, but the bundle/chain doesn't appear to be installed correctly. All tools used to validate report an unknown issuer or CA, due to lack of a valid intermediate chain certificate.
Version-Release number of selected component (if applicable):
How reproducible: always
Steps to Reproduce:
1. Go to add a custom SSL cert
2. Fill out the form / upload the files
3. Test connection
Actual results:
SSL Connection is possible but validation fails
Expected results:
SSL cert should be uploaded correctly / combined properly
1. Combine the certificate with the bundle into one file
2. Upload that file as the certificate
3. Do not upload any file for the chain file
4. Upload key file
5. Enter passphrase, and hit submit
1. Open your certificate and chain file in a text editor.
2. Copy all of the contents from your chain file and paste them directly below the -----END CERTIFICATE----- line in your certificate.
3. Save the certificate file
4. Use this file to upload as the certificate
5. Do NOT choose to upload a bulk/chain file
6. Upload your private key file
7. Enter the certificate passphrase if you have one
8. Click save.
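The workaround steps above, reproduced as an added Ruby example (not code from origin-server): it builds a constructed root -> intermediate -> leaf PKI, shows that a client trusting only the root rejects the leaf when served alone, and accepts it once the chain is appended below the certificate. The helper names `issue`, `combine_pem`, `verify_served` and `build_pki`, and all certificate names, are hypothetical.

```ruby
require "openssl"

PEM_BLOCK = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Constructed test PKI helper (not real certificates): issue a short-lived
# certificate for `cn`; with no issuer the result is a self-signed root.
def issue(cn, key, issuer: nil, issuer_key: nil, ca: false, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = (issuer || cert).subject
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  bc = OpenSSL::X509::ExtensionFactory.new.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true)
  cert.add_extension(bc)
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Join the server certificate and its chain into the single file uploaded as
# "the certificate": leaf first, every block stripped and newline-separated so
# END/BEGIN markers never fuse. With no chain, the certificate is left untouched.
def combine_pem(cert_pem, chain_pem)
  return cert_pem if chain_pem.nil? || chain_pem.strip.empty?
  (cert_pem.scan(PEM_BLOCK) + chain_pem.scan(PEM_BLOCK)).map(&:strip).join("\n") + "\n"
end

# Validate the way a client does: the first block is the leaf, the remaining
# blocks are untrusted intermediates, and only `root` is a trust anchor.
def verify_served(pem, root)
  certs = pem.scan(PEM_BLOCK).map { |b| OpenSSL::X509::Certificate.new(b + "\n") }
  store = OpenSSL::X509::Store.new
  store.add_cert(root)
  ctx = OpenSSL::X509::StoreContext.new(store, certs.first, certs.drop(1))
  [ctx.verify, ctx.error_string]
end

# Constructed three-level PKI: root -> intermediate -> leaf.
def build_pki
  rk, ik, lk = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root = issue("Example Root CA", rk, ca: true)
  inter = issue("Example Intermediate CA", ik, issuer: root, issuer_key: rk, ca: true, serial: 2)
  leaf = issue("www.example.test", lk, issuer: inter, issuer_key: ik, serial: 3)
  { root: root, inter: inter, leaf: leaf }
end

pki = build_pki
p verify_served(pki[:leaf].to_pem, pki[:root]) # leaf served alone
p verify_served(combine_pem(pki[:leaf].to_pem, pki[:inter].to_pem), pki[:root])
```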
Waiting on customer response through the Red Hat Customer Portal.
Pull request: https://github.com/openshift/origin-server/pull/3232
Commits pushed to master at https://github.com/openshift/origin-server
Bug 985952 - strip certificate content when appending chain
Bug 985952 - should not touch certificate if chain was not provided
Tested on devenv-stage_429, the crt can be added successfully when combining the chain file to the crt file, so verify this bug, thanks.