The Solutions:
Solution 1: Using a detailed SAN to create the self-signed certificate
To resolve the issue with certificates in ArgoCD using self-signed certificates, follow these steps:
1. Create a self-signed certificate with a detailed SAN, including the server name and IP address.
2. Add the following to the subjectAltName field:
   DNS:<server name>, DNS:<localhost>, DNS:<domain name>, IP:<server IP>, IP:<localhost IP>
3. Add the root CA and server certificate to the /usr/share/ca-certificates folder.
4. Add the root CA to the /etc/docker/certs.d/<server IP>:<port>/ folder.
5. Modify the /etc/docker/daemon.json file to include the insecure registry.
6. Create a secret in the ArgoCD namespace with the docker username, password, and server.
7. Add an imagePullSecrets tag to the Helm chart deployment file, referencing the secret created in step 6.
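The certificate creation and subjectAltName steps above, as an added example that is not part of the original post: a POSIX shell script that builds a throwaway root CA and a server certificate carrying the SAN entries, then checks which names and addresses the certificate actually covers. The server name, the IP addresses (documentation range) and all file names are constructed placeholders, and the script assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: all names, addresses and file names are constructed placeholders.
set -eu
SERVER_NAME="registry.example.internal"  # stands in for <server name>
SERVER_IP="192.0.2.10"                   # stands in for <server IP>

# make_certs DIR: create a root CA and a server certificate signed by it in DIR.
make_certs() {
  d="$1"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  printf 'subjectAltName=DNS:%s,DNS:localhost,IP:%s,IP:127.0.0.1\n' \
    "$SERVER_NAME" "$SERVER_IP" > "$d/server.ext"
  # Root CA: key and CSR, then self-signed with the CA extensions.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Root CA" \
    -keyout "$d/ca-key.pem" -out "$d/ca.csr" 2>/dev/null
  openssl x509 -req -in "$d/ca.csr" -signkey "$d/ca-key.pem" -days 365 \
    -extfile "$d/ca.ext" -out "$d/ca-cert.pem" 2>/dev/null
  # Server certificate: signed by the CA, SAN entries taken from server.ext.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$SERVER_NAME" \
    -keyout "$d/server-key.pem" -out "$d/server.csr" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca-cert.pem" -CAkey "$d/ca-key.pem" \
    -CAcreateserial -days 365 -extfile "$d/server.ext" -out "$d/server-cert.pem" 2>/dev/null
}

# san_covers CERT -checkhost|-checkip VALUE: succeeds only if the SAN matches VALUE.
san_covers() {
  openssl x509 -in "$1" -noout "$2" "$3" | grep -q 'does match'
}

# chain_ok CA CERT: succeeds only if CERT verifies against the given CA file.
chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT   # the generated private keys are throwaway
make_certs "$WORK"
chain_ok "$WORK/ca-cert.pem" "$WORK/server-cert.pem" && echo "chain: OK"
for check in "-checkhost $SERVER_NAME" "-checkhost localhost" \
             "-checkip $SERVER_IP" "-checkip 127.0.0.1" "-checkip 192.0.2.99"; do
  # Word splitting of $check into flag and value is intended.
  if san_covers "$WORK/server-cert.pem" $check; then printf '%s: covered\n' "$check"
  else printf '%s: NOT covered\n' "$check"; fi
done
```

The last check uses an address that is not in the SAN, which is the mismatch a client reports when it reaches the server by an IP or name the certificate does not list.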
Solution 2: Adding Certificate to Host’s Root CAs
When using self-signed certificates, the host doesn’t initially trust the certificates. To resolve this issue, you need to add the self-signed certificate to the host’s list of trusted root certificates:
- Convert the PEM certificate to a CRT certificate (update-ca-certificates expects a PEM-encoded file with a .crt extension) using the command:
openssl x509 -outform pem -in ca-cert.pem -out ca-cert.crt
- Update the host’s CA certificates using the command:
sudo update-ca-certificates
- Restart the host or service that requires the certificate to ensure the updated CA certificates are loaded.
With this solution, the host will now recognize the self-signed certificate as trusted, resolving the issue.
Q&A
What is the correct sequence to install self-signed certificate in the host?
1. Create the certificate and CA.
2. Update the ca-certificates in the host.
3. Add the created certificates to a proxy.
What is the SAN configuration for self-signed certificate?
subjectAltName=DNS:<servername>,DNS:localhost,IP:<ip>
Where is the root CA stored once installed?
In the host’s root CAs, typically in /usr/share/ca-certificates/.
Video Explanation:
The following video, titled "Getting Started with ArgoCD on OpenShift 4 - YouTube", provides additional insights and in-depth exploration related to the topics discussed in this post.
In this video, Christian Hernandez shows you how to get started with ArgoCD on OpenShift 4 as he deploys an application across two clusters.