Bug 985952 - unknown issuer or CA when adding ssl cert to openshift online
Status: CLOSED CURRENTRELEASE
Product: OpenShift Online
Classification: Red Hat
Component: Website
Version: 1.x
Hardware: All
OS: All
Priority: medium
Severity: medium
Assigned To: Fabiano Franz
QA Contact: libra bugs
Reported: 2013-07-18 11:04 EDT by Nick Harvey
Modified: 2013-08-07 18:55 EDT
Doc Type: Bug Fix
Last Closed: 2013-08-07 18:55:38 EDT
Type: Bug
Description Nick Harvey 2013-07-18 11:04:51 EDT
Description of problem:
After purchasing and installing a UCC SSL certificate from GoDaddy and installing the cert, bundle and key into the alias configuration, an SSL connection is possible, but the bundle/chain doesn't appear to be installed correctly. All tools used to validate report an unknown issuer or CA, due to lack of a valid intermediate chain certificate.

Version-Release number of selected component (if applicable):


How reproducible: always



Steps to Reproduce:
1. Go to add a custom SSL cert
2. Fill out the form / upload the files
3. Test connection

Actual results:
SSL Connection is possible but validation fails


Expected results:
SSL cert should be uploaded correctly / combined properly


Additional info:
Workaround:

1. Combine the certificate with the bundle into one file
2. Upload that file as the certificate
3. Do not upload any file for the chain file
4. Upload key file
5. Enter passphrase, and hit submit

Combine Process:
1. Open your certificate and chain file in a text editor. 
2. Copy all of the contents from your chain file and paste them directly below the -----END CERTIFICATE----- line in your certificate. 
3. Save the certificate file
4. Use this file to upload as the certificate
5. Do NOT choose to upload a bulk/chain file
6. Upload your private key file
7. Enter the certificate passphrase if you have one
8. Click save.
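
The combine step from the workaround above, as an added Ruby example (not code from origin-server or from the reporter). The helper names `combine_pem`, `parse_bundle`, `verify_served` and `issue` are hypothetical, and the three-level PKI is constructed test data. It shows the leaf alone failing verification against the root, and the combined file passing.

```ruby
require 'openssl'

# Added example: helper names are hypothetical; all certificates are constructed test data.
PEM_BLOCK = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Append the chain below the certificate. Both inputs are stripped so the
# END/BEGIN markers never fuse on one line; with no chain the input is returned untouched.
def combine_pem(cert_pem, chain_pem)
  return cert_pem if chain_pem.nil? || chain_pem.strip.empty?
  "#{cert_pem.strip}\n#{chain_pem.strip}\n"
end

# Split a combined file into parsed certificates: leaf first, then intermediates.
def parse_bundle(pem)
  pem.scan(PEM_BLOCK).map { |block| OpenSSL::X509::Certificate.new(block + "\n") }
end

# Verify as a client would: only the root is trusted, intermediates come
# from the served file. Hostname matching is not checked. Returns [ok, error_string].
def verify_served(pem, root)
  leaf, *intermediates = parse_bundle(pem)
  store = OpenSSL::X509::Store.new
  store.add_cert(root)
  ok = store.verify(leaf, intermediates)
  [ok, store.error_string]
end

# Issue one certificate of the constructed test PKI (self-signed when no issuer is given).
def issue(cn, issuer_cert = nil, issuer_key = nil, ca: false)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

ROOT, ROOT_KEY = issue('Example Root', ca: true)
INTER, INTER_KEY = issue('Example Intermediate', ROOT, ROOT_KEY, ca: true)
LEAF = issue('www.example.test', INTER, INTER_KEY).first
```
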
Comment 1 Fabiano Franz 2013-07-30 16:19:39 EDT
Waiting on customer response through the Red Hat Customer Portal.
Comment 2 Fabiano Franz 2013-07-30 16:59:37 EDT
Pull request: https://github.com/openshift/origin-server/pull/3232
Comment 3 openshift-github-bot 2013-07-31 12:33:48 EDT
Commits pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/86417253196d6caa23e192a53fb767debbbc3b06
Bug 985952 - strip certificate content when appending chain

https://github.com/openshift/origin-server/commit/672edbaca33aa8ddbecb4b498b19fb7dab4078da
Bug 985952 - should not touch certificate if chain was not provided
Comment 4 Yujie Zhang 2013-08-01 02:03:47 EDT
Tested on devenv-stage_429, the crt can be added successfully when combining the chain file to the crt file, so verify this bug, thanks.
