Creation of ImageStream is failing due to unknown certificate anchor in Red Hat OpenShift Container Platform registry

Solution Verified - Updated -

Issue

  • We cannot create an ImageStream with the below command. Can you please help us understand what is causing the error reported and how to fix it.
$ oc import-image master/jenkins-master-base --from=upstream-registry.faraway.example.intra:443/openshift-jenkins/master/jenkins-master-base:latest --confirm -n test | head -10
The import completed successfully.

Name:                   jenkins-master-base
Namespace:              test
Created:                5 hours ago
Labels:                 <none>
Annotations:            openshift.io/image.dockerRepositoryCheck=2018-05-09T13:58:35Z
Docker Pull Spec:       docker-registry.default.svc:5000/test/jenkins-master-base
Image Lookup:           local=false
Unique Images:          1

$ docker pull docker-registry-default.openshift.example.intra/test/jenkins-master-base
Using default tag: latest
Trying to pull repository docker-registry-default.openshift.example.intra/test/jenkins-master-base ...
error parsing HTTP 404 response body: json: cannot unmarshal number AB2344... into Go struct field Error.detail of type float64: "{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Op\":\"Get\",\"URL\":\"https://upstream-registry.faraway.example.intra:443/v2/\",\"Err\":{\"Cert\":{\"Raw\":\"123...",\"RawTBSCertificate\":\"456HGB...",\"RawSubject\":\"hu32DSa...\",\"RawIssuer\":\"hu32DSa...\",\"Signature\":\"3242zaSDJUSIHI...\",\"SignatureAlgorithm\":4,\"PublicKeyAlgorithm\":1,\"PublicKey\":{\"N\":32456347GHGGSD...,\"E\":45436},\"Version\":3,\"SerialNumber\":324235345,\"Issuer\":{\"Country\":[\"XC\"],\"Organization\":[\"EXAMLE\",\"Foo Bar\"],\"OrganizationalUnit\":[\"PKI\"],\"Locality\":null,\"Province\":null,\"StreetAddress\":null,\"PostalCode\":null,\"SerialNumber\":\"\",\"CommonName\":\"Root-CA 2016\",\"Names\":[{\"Type\":[2,5,4,3],\"Value\":\"Root-CA 2016\"},{\"Type\":[2,5,4,11],\"Value\":\"PKI\"},{\"Type\":[2,5,4,10],\"Value\":\"Foo Bar\"},{\"Type\":[2,5,4,10],\"Value\":\"EXAMPLE\"},{\"Type\":[2,5,4,6],\"Value\":\"XC\"}],\"ExtraNames\":null},\"Subject\":{\"Country\":[\"XC\"],\"Organization\":[\"EXAMPLE\",\"Foo Bar\"],\"OrganizationalUnit\":[\"PKI\"],\"Locality\":null,\"Province\":null,\"StreetAddress\":null,\"PostalCode\":null,\"SerialNumber\":\"\",\"CommonName\":\"Root-CA 2016\",\"Names\":[{\"Type\":[2,5,4,3],\"Value\":\"Root-CA 2016\"},{\"Type\":[2,5,4,11],\"Value\":\"PKI\"},{\"Type\":[2,5,4,10],\"Value\":\"EXAMPLE\"},{\"Type\":[2,5,4,10],\"Value\":\"Foo Bar\"},{\"Type\":[2,5,4,6],\"Value\":\"XC\"}],\"ExtraNames\":null},\"NotBefore\":\"2016-05-23T11:31:28Z\",\"NotAfter\":\"2023-05-23T11:31:28Z\",\"KeyUsage\":99,\"Extensions\":[{\"Id\":[2,5,29,14],\"Critical\":false,\"Value\":\"Hfuisdf...\"},{\"Id\":[2,5,29,19],\"Critical\":true,\"Value\":\"54huiweftHUI...\"},{\"Id\":[2,5,29,35],\"Critical\":false,\"Value\":\"fddSFUHfudsifdhfds...\"},{\"Id\":[2,5,29,15],\"Critical\":true,\"Value\":\"dfgdfgd453sd...\"}],\"ExtraExtensions\":null,\"UnhandledCriticalExtensions\":null,\"ExtKeyUsage\":null,\"UnknownExtKeyUsage\":null,\"BasicConstraintsValid\":true,\"IsCA\":true,\"MaxPathLen\":-1,\"MaxPathLenZero\":false,\"SubjectKeyId\":\"dghdfiogho38FHFO...\",\"AuthorityKeyId\":\"dghSDFHU385...\",\"OCSPServer\":null,\"IssuingCertificateURL\":null,\"DNSNames\":null,\"EmailAddresses\":null,\"IPAddresses\":null,\"PermittedDNSDomainsCritical\":false,\"PermittedDNSDomains\":null,\"ExcludedDNSDomains\":null,\"CRLDistributionPoints\":null,\"PolicyIdentifiers\":null}}}}]}\n"

Environment

  • Red Hat OpenShift Container Platform 3.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In