OpenShift - Resolve "The server uses a certificate signed by an unknown authority"

by Jeremy Canfield | Updated: June 01 2023

Let's say the following is being returned when attempting to log into OpenShift using the oc login command.
~]# oc login --username john.doe --password itsasecret api.openshift.example.com:6443
The server uses a certificate signed by an unknown authority.
You can bypass the certificate check, but any data you send to the server could be intercepted by others.
Use insecure connections? (y/n):
The openssl s_client -connect command can be used to display the certificates the server presents. Notice in this example that certificate 1 in the chain has the same CN (common name) as both subject and issuer, meaning it is self-signed, and the verify error "self signed certificate in certificate chain" is returned. This is what I am used to seeing.
]$ echo "Q" | openssl s_client -connect api.openshift.example.com:6443
CONNECTED(00000003)
depth=1 OU = openshift, CN = kube-apiserver-service-network-signer
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
0 s:/CN=172.30.0.1
i:/OU=openshift/CN=kube-apiserver-service-network-signer
1 s:/OU=openshift/CN=kube-apiserver-service-network-signer
i:/OU=openshift/CN=kube-apiserver-service-network-signer
subject=/CN=172.30.0.1
issuer=/OU=openshift/CN=kube-apiserver-service-network-signer
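If you trust these certificates, you can use the --insecure-skip-tls-verify flag to bypass this warning. The flag turns off the certificate check, so the interception risk stated in the prompt above applies to the connection.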
oc login --username john.doe --password itsasecret api.openshift.example.com:6443 --insecure-skip-tls-verify
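
An alternative to skipping verification, as an added example that is not part of the original article: save the signer certificate from the chain shown above, compare its SHA-256 fingerprint with one obtained out of band, and pass it to oc login with --certificate-authority. The function names, the CA_FILE argument and the assumption that the server sends its signer as the last certificate in the chain (as in the output above) are this example's own.

```bash
#!/usr/bin/env bash
# Added example, not the article's code: trust the cluster's signing CA
# explicitly instead of turning certificate verification off.

# Print the last PEM certificate on stdin. `openssl s_client -showcerts`
# lists the chain leaf first, so the last block is the signer
# (certificate 1 in the output above).
last_cert() {
  awk '
    /-----BEGIN CERTIFICATE-----/ { buf = ""; grab = 1 }
    grab                          { buf = buf $0 "\n" }
    /-----END CERTIFICATE-----/   { grab = 0; last = buf }
    END                           { printf "%s", last }
  '
}

# Reduce "sha256 Fingerprint=AB:CD:..." (or a bare hex string) to upper-case hex.
norm_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ':[:space:]' | tr 'a-f' 'A-F'
}

# usage: login_with_pinned_ca HOST:PORT EXPECTED_SHA256 CA_FILE [oc login args]
# EXPECTED_SHA256 must come from a trusted channel (assumed here: the cluster
# administrator), never from the connection that is being checked.
login_with_pinned_ca() {
  local server=$1 expected=$2 ca_file=$3 tmp actual
  shift 3
  tmp=$(mktemp) || return 1
  openssl s_client -showcerts -connect "$server" </dev/null 2>/dev/null |
    last_cert >"$tmp"
  if [ ! -s "$tmp" ]; then
    echo "no certificate received from $server" >&2; rm -f "$tmp"; return 1
  fi
  actual=$(openssl x509 -in "$tmp" -noout -fingerprint -sha256)
  if [ "$(norm_fp "$actual")" != "$(norm_fp "$expected")" ]; then
    echo "refusing to trust $server, got: $actual" >&2; rm -f "$tmp"; return 1
  fi
  mv "$tmp" "$ca_file"   # keep the CA on disk for later sessions
  oc login --certificate-authority="$ca_file" "$@" "$server"
}

# Only runs when the script is called with arguments.
if [ "$#" -ge 3 ]; then login_with_pinned_ca "$@"; fi
```

With the CA file in place, oc login verifies the API server's certificate against it, so the "unknown authority" prompt does not appear and the check stays on.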