Issue with the Rancher UI certificate

Dears,
I’ve created an RKE cluster to run Rancher as per the tutorial Rancher Docs: Set up Infrastructure for a High Availability RKE Kubernetes Cluster.
I’m facing an issue with Google Chrome (certificate warnings bypassed with Firefox) while I’ve not customized anything. How can I make sure the UI Rancher certificate is using a valid certificate? Also, my CA bundle located in /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt doesn’t contain dynamiclistener-ca. Is there any issue there?

> echo | openssl s_client -showcerts -servername [serverFQDN] -connect [serverFQDN]:443 2>/dev/null
> CONNECTED(00000003)
> ---
> Certificate chain
> 0 s:
> i:O = dynamiclistener-org, CN = dynamiclistener-ca
> -----BEGIN CERTIFICATE-----
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxx
> -----END CERTIFICATE-----
> ---
> Server certificate
> subject=
>
> issuer=O = dynamiclistener-org, CN = dynamiclistener-ca
>
> ---
> No client certificate CA names sent
> Peer signing digest: SHA256
> Peer signature type: RSA-PSS
> Server Temp Key: X25519, 253 bits
> ---
> SSL handshake has read 1163 bytes and written 422 bytes
> Verification error: unable to verify the first certificate
> ---
> New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
> Server public key is 2048 bit
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> Early data was not sent
> Verify return code: 21 (unable to verify the first certificate)
> ---

Thanks in advance


Hi Mickael - did you ever figure this out? Following the install guide with Rancher-generated TLS certs with cert-manager, I’m ending up with the same issue.
