Fix OCP HSTS errors #282
Comments
Don't forget to add the link to the issue/PR to track that from your tasks ;-)
Can you add the link to the ticket created, please? @jacobdotcosta
I think that I know how to fix it. We don't have issues when we access
instead the certificate generated by the OCP ingress operator for us
So, if we ask Let's Encrypt and GoDaddy to sign a certificate request for
The next challenge will be to pass such a certificate within the OpenStack OCP install config file. Maybe using: https://docs.openshift.com/container-platform/4.13/installing/installing_openstack/installing-openstack-installer-custom.html#installation-osp-describing-cloud-parameters_installing-openstack-installer-custom
WDYT? @jacobdotcosta
I manually tested this procedure after updating the certificate and issuer role of k8s-infra, collected the updated secret and patched as described here: https://docs.openshift.com/container-platform/4.13/security/certificates/replacing-default-ingress-certificate.html#replacing-default-ingress_replacing-default-ingress
Now, access to https://console-openshift-console.apps.ocp.snowdrop.dev/dashboards does not generate an HSTS error ;-)
oc login is nevertheless reporting an error
FYI: @jacobdotcosta
Part of the problem could be automated if we pass to the OpenShift installer config file the parameter
NOTE: We of course need to populate the CA crt and keys first and separately, before creating a cluster!
Problem fixed after issuing the following certificate
Question from Antonio:
Charles's response: It is not needed to centralize everything on a cluster EXCEPT when rotation will take place and when secrets (= ca, tls) are still used.
Issue
When we access the OCP console, we get such a message from Google Chrome
HSTS: https://developer.mozilla.org/en-US/docs/Glossary/HSTS
Temporary workaround is to type
thisisunsafe
within the Google Chrome window - https://stackoverflow.com/questions/33268264/chromethe-website-uses-hsts-network-errors-this-page-will-probably-work-late