Replacing the default ingress certificate in OpenShift 4.x causes x509 error for webconsole, logins, monitoring and oauth applications

Solution Verified - Updated -


  • After following the instructions for replacing the default ingress certificate, the web console and monitoring components becomes inaccessible.

  • The certificate applied to the ingress router was generated by a private/custom certificate authority;

  • When I go to login or pod logs, I get an error:

    error: x509: certificate signed by unknown authority
  • Using any OpenShift component that uses the oauth-proxy/oauth-server does not work, getting 500 Internal Server Error;

  • Unable to open Grafana/Alertmanager/Prometheus GUI as it throws 500 Internal Server Error on the screen.


  • Red Hat OpenShift Container Platform (OCP)
    • 4.2
    • 4.1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In