Unknown issuer of SSL certificate signed using CertificateSigningRequest

Comments

I'm having a problem that all SSL certificates generated by kubernetes using CertificateSigningRequest are signed with unknown issuer - issuer does not exist in any of kubernetes certificates (none of CA that exists in secrets in default-token which is mounted to Pod under /run/secrets/kubernetes.io/serviceaccount/ path).

Issuer which signed my SSL certificate is not present in any of secrets (Issuer: CN = kube-csr-signer_@1581572617). While CA contains following issuers:

        Subject: CN=ingress-operator@1581504807
        Subject: CN=openshift-cluster-monitoring@1581505033
        Subject: CN=openshift-kube-apiserver-operator_localhost-recovery-serving-signer@1581504437
        Subject: OU=openshift, CN=kube-apiserver-lb-signer
        Subject: OU=openshift, CN=kube-apiserver-localhost-signer
        Subject: OU=openshift, CN=kube-apiserver-service-network-signer

Where may I find ca.crt with issuer or is this method valid for obtaining certificates for Openshift Platform.

P.S. Under bare kubernetes platform everything works properly so it must be Openshift specific problem.

Openshift Version: 4.3

Started 2020-02-19T10:00:13+00:00 by

Szymon Krasuski

Newbie 10 points

Select Your Language

Unknown issuer of SSL certificate signed using CertificateSigningRequest

Responses

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Responses

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links