Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-48534

Ironic SSL certificate uses "metal3-ironic" as CN, causing trouble to some BMC vendors

XMLWordPrintable

    • None
    • False
    • Hide

      None

      Show
      None

      Description of problem:

          The certificate used by Ironic as part of the metal3 deployment uses "metal3-ironic" as CN, which does not correspond to the hostname in the cluster. This creates trouble for the TLS validation in some BMCs.

      Version-Release number of selected component (if applicable):

          Seen on OCP 4.12 and later versions.

      How reproducible:

          Always

      Steps to Reproduce:

          1. openssl s_client -showcerts <hostname>:6385 < /dev/null     
    2. Check subject CN

      Actual results:

          Two CNs are shown: localhost and metal3-ironic

      Expected results:

          The CN can be configurable, so it is accepted by the BMC

      Additional info:

              imelofer Iury Gregory Melo Ferreira
              jpena@redhat.com Javier Pena
              Jad Haj Yahya Jad Haj Yahya
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: