Creating a TERMINATED_HTTPS loadbalancer listener is failing with `Could not retrieve certificate (...)` in Red Hat OpenStack Platform 13

Solution In Progress - Updated -

Issue

After updating to the latest z5 release of RHOSP 13, trying to create a TERMINATED_HTTPS loadbalancer listener is failing with Could not retrieve certificate: ['<URL>'] (HTTP 400) (Request-ID: req-<uuid>).

openssl req -new -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out server.crt -keyout server.key
openssl pkcs12 -export -inkey server.key -in server.crt -passout pass: -out server.p12
openstack secret store --name='tls_secret1' -t 'application/octet-stream' -e 'base64' --payload="$(base64 < server.p12)"
openstack acl user add -u octavia $(openstack secret list | awk '/ tls_secret1 / {print $2}')
openstack loadbalancer create --name lb1 --vip-subnet-id provider1-subnet
sleep 300
openstack loadbalancer listener create --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(openstack secret list | awk '/ tls_secret1 / {print $2}') lb1

Note that this can also lead to the following issue, as a consequence: https://bugzilla.redhat.com/show_bug.cgi?id=1712448

Environment

Red Hat OpenStack Platform 13

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content