Unable to login to DXOI due to certificate expiry
search cancel

Unable to login to DXOI due to certificate expiry

book

Article ID: 262989

calendar_today

Updated On:

Products

DX Operational Intelligence DX Application Performance Management

Issue/Introduction

 DX-OI application is not accessible and unable to login in open shift with credentials error

 

 

Environment

Release :21.3.1 HF1

Openshift 3.11

Cause

Certificates for master, router, registry, etc. had expired.

Resolution

The expired certificates were renewed 

1.No issue with memory and disk in the nodes, verification done using

    df -h
    free -g

 

2 oc get csr 

 

3. Check if any certificates have expired 

cd /etc/origin/master 

for file in $(find /etc/origin/master/*.crt); do  echo "$file"; openssl x509 -enddate -noout -in "$file"; done

 

4.Redeploy certificates from playbook

ansible-playbook -i <inventory_file> \
    playbooks/openshift-etcd/redeploy-certificates.yml

 

5.Recheck certificate expiry

for file in $(find /etc/origin/master/*.crt); do  echo "$file"; openssl x509 -enddate -noout -in "$file"; done

 

6.Check the certificate status 

   oc get csr

 

7.Manually approve any certificates if in pending status 

oc get csr -o go-template='{{range .items}}{{if not .status}}{{.metadata.name}}{{"\n"}}{{end}}{{end}}' | xargs oc adm certificate approve

 

Additional Information