wrong, not valid ca.crt is generated

[StefanSa]

Hi there, the correct caBundele is registered to the Adcs issuer. But the generated "ca.crt" in the certificate is not valid, readable. What am i doing wrong here?

Thanks for any help. @SimeonPoot, i use your fork (thanks)

[SimeonPoot]

Hi StefanSa, I was wondering which version of OpenSSL you're using. Perhaps this error could be correlated with an old version of it. Do you have the configuration you used to get to this problem, so we can investigate?

Ps. Sorry, I read your post to cert-manager

[StefanSa]

Hi @SimeonPoot thanks for your answer. What is noticeable is that the ca.crt on the certificate differs significantly from the ca in the caBundle, just in terms of length / size. For this reason alone, i think that the ca.crt is defective, i just ask why. I use opensuse leap with the corresponding openssl. Why is the ca.crt not identical to the caBundle. i used the Docker image "pietere / controller", not binary that i compiled myself. The interesting thing about this is that all other certificates are valid and correctly issued by the ADCS, only the ca.crt causes problems. Which configuration do you need from me so that I can make it easier for you to look for this error?

Thanks for your time and help.

[SimeonPoot]

I understand, ok! You're using that image. Good to know, perhaps an idea to compile the binary from the code locally and see if this fixes your issue. I think it's just a matter of building the docker image. Let's see if that fixes your problem. I might have some time next week to check it out otherwise.

[StefanSa]

@SimeonPoot Thank you for the wink with the image, that was exactly the problem. Own image created and rolled out in k8s, now everything works as expected. Thanks again.