Replacing the default ingress certificate in OpenShift 4.x causes x509 error for webconsole, logins, monitoring and oauth applications

Solution Verified - Updated -


  • After following the instructions for replacing the default ingress certificate, the web console and monitoring components becomes inaccessible.

  • The certificate applied to the ingress router was generated by a private/custom certificate authority;

  • When I go to login or pod logs, I get an error:

    error: x509: certificate signed by unknown authority
  • Using any OpenShift component that uses the oauth-proxy/oauth-server does not work, getting 500 Internal Server Error;

  • Unable to open Grafana/Alertmanager/Prometheus GUI as it throws 500 Internal Server Error on the screen.


  • Red Hat OpenShift Container Platform (OCP)
    • 4.2
    • 4.1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content