Adding new OCP nodes fails because Machine Config Server certificate is missing the SAN field

Solution Verified - Updated -

Issue

  • Adding new nodes to a RHOCP cluster fails because the ignition process doesn't accept the Machine Config Server certificate
  • Any new node ignition process fails with error: ignition[743]: GET error: "https://api-int.<domain>:22623/config/master": x509: certificate relies on legacy Common Name field, use SANs instead.

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4.10 and later
  • Red Hat Enterprise Linux CoreOS (RHCOS)
    • 4.10 and later
  • UPI installation

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content