I'm having a devil of a time here, and I can't figure out what the problem might be - I'm doing a disconnected install of the 4.2 dev preview (don't think that matters here....) and my master won't retrieve the appended ignition config from the bootstrap machine-config-server because (it says) the certificate is expired or not yet valid.
The problem is that the certificate is valid. If I use openssl s_client from the bootstrap node to connect to api-int.openshift4poc.example.local:22623, I get a validly dated certificate back (valid for ~10 years):

[core@localhost ~]$ openssl s_client -connect api-int.openshift4poc.example.local:22623 | openssl x509 -noout -text
depth=0 CN = api-int.openshift4poc.example.local
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = api-int.openshift4poc.example.local
verify error:num=21:unable to verify the first certificate
verify return:1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4048994022129122464 (0x3830ea9c52afbca0)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: OU = openshift, CN = root-ca
        Validity
            Not Before: Sep 30 22:46:23 2019 GMT
            Not After : Sep 27 22:46:24 2029 GMT
        Subject: CN = api-int.openshift4poc.example.local

I've tried blowing away the bootstrap node, regenerating my ignition configs in a new directory, and then rebuilding, but that seems to have no effect (though since the cert validity dates change, I know I'm doing that right). I've tried for a couple hours to get a shell on the master to figure out what it thinks the date is (should be correct) but that's next to impossible. I can't boot the OS to emergency mode since the root account is locked (as it should be, but c'mon......). It's *so* difficult to debug this.

_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
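
Added example, not part of the original post: a verifier accepts a certificate only while its own clock lies between Not Before and Not After, so one certificate can pass on one host and be rejected on another. The Python below parses the validity lines quoted in the post and judges them against constructed clock readings; the function names and clock values are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Validity lines copied from the `openssl x509 -noout -text` output in the post.
CERT_TEXT = """\
        Validity
            Not Before: Sep 30 22:46:23 2019 GMT
            Not After : Sep 27 22:46:24 2029 GMT
        Subject: CN = api-int.openshift4poc.example.local
"""

_FIELD = re.compile(r"^\s*Not (Before|After)\s*:\s*(.+?)\s+GMT\s*$", re.M)


def validity_window(text):
    """Return (not_before, not_after) as UTC datetimes from openssl text output."""
    found = {}
    for which, stamp in _FIELD.findall(text):
        # openssl pads single-digit days with a space; strptime accepts that.
        parsed = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
        found[which] = parsed.replace(tzinfo=timezone.utc)
    if set(found) != {"Before", "After"}:
        raise ValueError("Not Before / Not After lines not found")
    return found["Before"], found["After"]


def classify(text, clock):
    """Judge the certificate as a verifier whose clock reads `clock` would."""
    not_before, not_after = validity_window(text)
    if clock < not_before:
        return "not yet valid (clock is %s behind Not Before)" % (not_before - clock)
    if clock > not_after:
        return "expired (clock is %s past Not After)" % (clock - not_after)
    return "valid"


if __name__ == "__main__":
    # Constructed clock readings: a correct clock, an unset clock at the
    # Unix epoch, and a clock running years ahead.
    for label, clock in [
        ("correct clock", datetime(2019, 10, 1, 12, 0, tzinfo=timezone.utc)),
        ("clock at epoch", datetime(1970, 1, 1, tzinfo=timezone.utc)),
        ("clock in 2030", datetime(2030, 1, 1, tzinfo=timezone.utc)),
    ]:
        print(f"{label:15} {clock.isoformat()} -> {classify(CERT_TEXT, clock)}")
```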