Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Critical
Fix Version/s: 4.14.0
Affects Version/s: 4.13.z, 4.12.z, 4.14.0
Component/s: HyperShift
Labels:
- triaged

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None
Regression:
No

Target Backport Versions:
None
Target Version:

4.14.z
Release Blocker:
Rejected
Sprint:
Hypershift Sprint 236, Hypershift Sprint 237
sprint_count:
2

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

oc login --token=$token
--server=https://api.dalh-dev-hs-2.05zb.p3.openshiftapps.com:443 --certificate-authority=ca.crt
The server uses a certificate signed by an unknown authority.
You can bypass the certificate check, but any data you send to the server could be intercepted by others.

The referenced "ca.crt" comes from the Secret created when a Service Account is created.

Version-Release number of selected component (if applicable): 4.12.12

How reproducible: Always

blocks

OCPBUGS-14030 Invalid CA certificate bundle provided by service account token

Closed

is cloned by

OCPBUGS-14030 Invalid CA certificate bundle provided by service account token

Closed

OCPBUGS-14031 Invalid CA certificate bundle provided by service account token

Closed

links to

openshift/hypershift#2584: OCPBUGS-13168: Include default ingress CA in root CA bundle

mentioned on

Merge request - Bump IBM integration to our latest prod image.

Assignee:: Cesar Wong

Reporter:: Will Gordon

Need Info From:: None

Contributors:: None

QA Contact:: Jie Zhao

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2023/05/05 3:11 PM

Updated:: 2025/07/26 11:41 PM