Description of problem:
After purchasing and installing a UCC SSL certificate from GoDaddy and installing the cert, bundle and key into the alias configuration, an SSL connection is possible, but the bundle/chain doesn't appear to be installed correctly. All tools used to validate report an unknown issuer or CA, due to lack of a valid intermediate chain certificate.

Version-Release number of selected component (if applicable):

How reproducible:
always

Steps to Reproduce:
1. Go to add a custom SSL cert
2. Fill out the form / upload the files
3. Test connection

Actual results:
SSL Connection is possible but validation fails

Expected results:
SSL cert should be uploaded correctly / combined properly

Additional info:

Workaround:
1. Combine the certificate with the bundle into one file
2. Upload that file as the certificate
3. Do not upload any file for the chain file
4. Upload key file
5. Enter passphrase, and hit submit

Combine Process:
1. Open your certificate and chain file in a text editor.
2. Copy all of the contents from your chain file and paste them directly below the -----END CERTIFICATE----- line in your certificate.
3. Save the certificate file
4. Use this file to upload as the certificate
5. Do NOT choose to upload a bulk/chain file
6. Upload your private key file
7. Enter the certificate passphrase if you have one
8. Click save.
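The combine process above, scripted as an added example (not part of the original report and not the origin-server code). It normalizes whitespace so the chain's first BEGIN line always starts on its own line, which plain concatenation does not guarantee when the certificate file lacks a trailing newline. The function names and the sample PEM bodies are assumptions constructed for illustration.

```python
import re

# One PEM certificate block. The base64 body is captured but not decoded.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*([A-Za-z0-9+/=\s]+?)\s*-----END CERTIFICATE-----"
)
FUSED = "-----END CERTIFICATE----------BEGIN CERTIFICATE-----"

# Constructed sample data: placeholder base64, not real certificates.
LEAF = "-----BEGIN CERTIFICATE-----\nTEVBRg==\n-----END CERTIFICATE-----"  # no final newline
CHAIN = "-----BEGIN CERTIFICATE-----\nSU5URVJNRURJQVRF\n-----END CERTIFICATE-----\n\n"


def pem_blocks(text):
    """Return each certificate block in text, re-wrapped at 64 columns."""
    blocks = []
    for match in PEM_CERT.finditer(text):
        body = "".join(match.group(1).split())
        rows = [body[i:i + 64] for i in range(0, len(body), 64)]
        blocks.append("\n".join(
            ["-----BEGIN CERTIFICATE-----", *rows, "-----END CERTIFICATE-----"]))
    return blocks


def combine(cert_text, chain_text=""):
    """Build the single file the workaround uploads: certificate, then chain."""
    if not chain_text.strip():
        return cert_text  # nothing to append, leave the certificate untouched
    leaf, chain = pem_blocks(cert_text), pem_blocks(chain_text)
    if not leaf or not chain:
        raise ValueError("no PEM certificate block found in one of the inputs")
    return "\n".join(leaf + chain) + "\n"


if __name__ == "__main__":
    naive = LEAF + CHAIN  # what plain concatenation produces
    print("naive concatenation fuses the boundary:", FUSED in naive)
    fixed = combine(LEAF, CHAIN)
    print("normalized file fuses the boundary:", FUSED in fixed)
    print("certificates in combined file:", len(pem_blocks(fixed)))
```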
Waiting on customer response through the Red Hat Customer Portal.
Pull request: https://github.com/openshift/origin-server/pull/3232
Commits pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/86417253196d6caa23e192a53fb767debbbc3b06
Bug 985952 - strip certificate content when appending chain

https://github.com/openshift/origin-server/commit/672edbaca33aa8ddbecb4b498b19fb7dab4078da
Bug 985952 - should not touch certificate if chain was not provided
Tested on devenv-stage_429, the crt can be added successfully when combining the chain file to the crt file, so verify this bug, thanks.