The current command is generating a certificate that is failing when we use the mirror openshift:
error: unable to connect to provision.9ldsh.dynamic.opentlc.com:5000/ocp4/openshift4: Get "https://provision.9ldsh.dynamic.opentlc.com:5000/v2/": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0
agonzalezrh
commented
3 years ago
Command to generate certificate should be: [lab-user@provision scripts]$ sudo openssl req -newkey rsa:4096 -nodes -sha256 -keyout /nfs/registry/certs/domain.key -x509 -days 365 -out /nfs/registry/certs/domain.crt -subj "/C=US/ST=NorthCarolina/L=Raleigh/O=Red Hat/OU=Marketing/CN=provision.$GUID.dynamic.opentlc.com" -addext "subjectAltName = DNS:provision.$GUID.dynamic.opentlc.com"
The current command is generating a certificate that is failing when we use the mirror openshift: error: unable to connect to provision.9ldsh.dynamic.opentlc.com:5000/ocp4/openshift4: Get "https://provision.9ldsh.dynamic.opentlc.com:5000/v2/": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0