Redirect from OpenShift console to OpenShift Web Console is not working

Solution Verified - Updated -


  • OpenShift Container Platform
    • 3.11


  • Accessing the OpenShift Web Console from the drop-down menu in the console attempts to redirect to the Web Console but fails.
  • Both the console pod and the Web Console pod appear to be running fine.
  • Logs may point to a certificate issue:
14:04:24 http: TLS handshake error from [::1]:41646: remote error: tls: bad certificate
14:04:24 auth: unable to verify auth code with issuer: Post x509: certificate is valid for console.openshift-console.svc, console.openshift-console.svc.cluster.local, not
2019/08/13 14:04:24 server: authentication failed: unauthenticated


  • Look at the hosts and resolv.conf fileon the master node where the web console is running to check for DNS conflicts.
# cat /etc/hosts

# osmaster localhost.localdomain localhost localhost4.localdomain4 localhost4 osmaster osnode1 osnode2 osnode3 osinfra

# The following lines are desirable for IPv6 capable hosts
::1 osmaster
::1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
  • Comment out the conflicting line:
::1 osmaster
  • Restart dnsmasq on node host
# systemctl restart dnsmasq

Root Cause

DNS may be correct outside of the cluster, but if things are incorrect on node hosts, pods will resolve to where they are instructed to by the locally-defined hosts and resolv.conf file on the node hosts before they look to other name servers outside of the cluster.

In the above example, from a curl to the web console URL from a node host, we can see it resolves to ::1 (IPv6 loopback) first, because of the locally-defined hosts:

[ ~]# curl -v
* About to connect() to port 8443 (#0)
*   Trying ::1...

If you attempt the same curl from within the console pod, the results will be the same:

[ ~]# oc exec -it console-asdfasdf1p-podID
bash-4.1$ curl -v
* About to connect() to port 8443 (#0)
*   Trying ::1...

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.