Redeploy certificates for service catalog components in OCP 3.9 and 3.11

Solution Verified - Updated -


  • Certificate inside etcd-auth-secret is about to expire.
  • Renew certificate for openshift-ansible-service-broker.
  • After renewing the OpenShift Container Platform Master certificate, the atomic-openshift-master-controller logs the following error:

    Aug 04 11:24:49 atomic-openshift-master-controllers[41971]: F0804 11:24:49.664755   41971 start_master.go:656] Error starting "" (failed to discover resources: unable to retrieve the complete list of server APIs: an error on the server ("Error: 'x509: certificate has expired or is not yet valid'\nTrying to reach: ''") has prevented the request from succeeding)
  • In OCP 3.11 there is no way to redeploy service catalog certificates


  • Red Hat OpenShift Container Platform (OCP)
    • 3.9
    • 3.11

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content