Creating a TERMINATED_HTTPS loadbalancer listener is failing with `Could not retrieve certificate (...)` in Red Hat OpenStack Platform 13

Solution In Progress - Updated -

Issue

After updating to the latest z5 release of RHOSP 13, trying to create a TERMINATED_HTTPS loadbalancer listener is failing with Could not retrieve certificate: ['<URL>'] (HTTP 400) (Request-ID: req-<uuid>).

openssl req -new -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out server.crt -keyout server.key
openssl pkcs12 -export -inkey server.key -in server.crt -passout pass: -out server.p12
openstack secret store --name='tls_secret1' -t 'application/octet-stream' -e 'base64' --payload="$(base64 < server.p12)"
openstack acl user add -u octavia $(openstack secret list | awk '/ tls_secret1 / {print $2}')
openstack loadbalancer create --name lb1 --vip-subnet-id provider1-subnet
sleep 300
openstack loadbalancer listener create --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(openstack secret list | awk '/ tls_secret1 / {print $2}') lb1 

Note that this can also lead to the following issue, as a consequence: https://bugzilla.redhat.com/show_bug.cgi?id=1712448

Environment

Red Hat OpenStack Platform 13

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In