The certificate for node-exporter in OpenShift Monitoring stack is self-signed certificate in OpenShift Container Platform 4 by default.

Solution Verified - Updated -

Issue

The presence of a self-signed SSL certificate within the system infrastructure poses a security check to be verified. Specifically, the certificate for CN=*.node-exporter.openshift-monitoring.svc issued by CN=openshift-service-serving-signer is self-signed.

A certificate signed by a trusted third-party Certificate Authority, with subject commonName or subjectAltName matching the server's fully qualified domain name (FQDN) is not required as node-exporter is internal and it is not exposed, hence the nature of the self-signed certificate.

Environment

  • Red Hat OpenShift Container Platform 4 [RHOCP]

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content