0

I'm trying to install Openshift Container Platform (OCP) in restricted network. However, I've been struggling at the prerequisite step where I have to create a mirror registry to store the data following this instruction.

I created docker registry with self-signed certificate authorization and setup variables as illustrated. The error appeared when I ran the following command using OC CLI:

sudo oc image mirror -a ${LOCAL_SECRET_JSON} --from-dir=${REMOVABLE_MEDIA_PATH}/mirror "file://openshift/release:${OCP_RELEASE}*" ${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}

The error:

error: unable to connect to 192.168.100.215:5000/repo: Get "https://192.168.100.215:5000/v2/": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "192.168.100.215")

I believed that OC didn't trust my certificate but when i tried to add --certificate-authorty=/certs/domain.crt (my self-signed certificate) the same error still showed up.

Is there a way to solve this problem, thank you very much!!

ps: I'm new to Redhat Openshift

anh_nguyenduc
  • 3
  • 2

1 Answers1

0

add the following option to your command in order to skip certificate verification : --insecure-skip-tls-verify=true

Imed Aouidene
  • 95
  • 1
  • 7
  • thanks, setting **insecure** is a sort of work around even though it isn't recommended.. – anh_nguyenduc Aug 31 '21 at 22:01
  • yes it's a sort of work around, but since it's a self signed certificate, you can either use the skip-tls-verify , or you need to add your CA to your system . – Imed Aouidene Aug 31 '21 at 22:05