###### tags: `redhat`,`ocp4` # OpenShift 豋入時出現憑證問題 ``` $ oc login -u kubeadmin --insecure-skip-tls-verify=true error: x509: certificate signed by unknown authority ``` ## 匯出 OpenShift 的憑證，並放入系統中 ``` $ oc project openshift-authentication $ oc get pods NAME READY STATUS RESTARTS AGE oauth-openshift-fcb74f9d7-fbbbd 1/1 Running 0 23m oauth-openshift-fcb74f9d7-k4z62 1/1 Running 0 23m oauth-openshift-fcb74f9d7-x5pp9 1/1 Running 0 22m # export the certificate $ oc rsh oauth-openshift-fcb74f9d7-k4z62 cat /run/secrets/kubernetes.io/serviceaccount/ca.crt > ocp4-ca.crt # On RHEL $ cp ocp4-ingress-ca.crt /etc/pki/ca-trust/source/anchors/ $ update-ca-trust extract ``` ### Mac OS Safari Open "Keychain Access" ==> Login ==> My Certificates ==> File ==> Import Items... ==> Double Click your certificate's domain name ==> Trust ==> "When using this certificate:" ==> Always Trust ##### Or Double click your certificate file, it brings up the "Keychain Access" ==> Double Click your certificate's domain name ==> Trust ==> "When using this certificate:" ==> Always Trust