Extracting TLS CA Certificates from Kubeconfig File

OpenShift creates a number of Certificate Authorities to sign TLS certificates which secure functions including load balancing of the API and Ingress services. Recent versions of openshift-install will place all the CA certificates in the generated auth/kubeconfig file.

Here is how to extract and split those certificates into individual files which eases the process of trusting them particularly on a Mac.

Continue reading

Changing the SSL Certificate for OpenShift Console

OpenShift has an internal CA for generating certificates to authenticate intra-cluster communication, but your browser doesn’t trust this CA. Perhaps you want to fix that without mucking with the internal SSL communication? I did. Here is how. This OpenShift doc explains how to do this, but it isn’t very clear, to me at least. Overview An outline of the steps: Only make changes to the public URLs and not any internal URLs.

Continue reading