DAP Master certificate issue

Hi,

A master container is set up with the load balancer DNS and with no master-altnames. The load balancer certificate (with CN as the load balancer DNS) is imported to the master container using the evoke ca import command. The certificate also contains the DNS of the master container hostname (DNS) and the other standby hostnames as subject alternate names. The CA chain is also imported to the master container. The container was working fine before the certificate import (with an SSL error), but after the import the UI doesn’t work. Any suggestions here would be really helpful.

Enhanced Key Usage should have Server (1.2.6.1.5.5.7.3.1) and Client Authentication (1.3.6.1.5.5.7.3.2).

@rhentzIDM - Enhanced Key usage is set properly

The evoke ca import step would fail if the certificate didn’t have Server and Client auth enabled. As for the root cause of the OP’s issue, it’s hard to tell from the information we have. The certificate import does a restart of all of the services, so the first thing to check is the /health endpoint to make sure the service is running. If it isn’t, you can try to start it manually by running sv start conjur/ui from inside the container. If that fails, I’d look in the docker logs for the container to see if more information can be uncovered.

Regards,
Nate

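One way to confirm the certificate properties discussed in this thread before running the import, added here as an example that is not part of the original posts or of the product's tooling: it reads the text dump of a certificate and reports a missing Server or Client Authentication usage and any expected hostname absent from the SANs. The function name and all hostnames are assumptions, and the sample input is constructed.

```bash
# Added example: checks `openssl x509 -noout -text` output read from stdin.
# Usage: openssl x509 -in cert.pem -noout -text | check_cert_text lb.example.com master1.example.com
check_cert_text() {
    # Arguments: hostnames that must each appear as a DNS SAN entry.
    local text eku san entries host rc=0
    text=$(cat)

    # In openssl's text output the value sits on the line after the extension header.
    eku=$(printf '%s\n' "$text" | grep -A1 'X509v3 Extended Key Usage' | tail -n 1) || true
    san=$(printf '%s\n' "$text" | grep -A1 'X509v3 Subject Alternative Name' | tail -n 1) || true

    case "$eku" in
        *"TLS Web Server Authentication"*) ;;
        *) echo "MISSING EKU: serverAuth"; rc=1 ;;
    esac
    case "$eku" in
        *"TLS Web Client Authentication"*) ;;
        *) echo "MISSING EKU: clientAuth"; rc=1 ;;
    esac

    # Split "DNS:a, DNS:b" into one entry per line so each name is matched exactly.
    entries=$(printf '%s\n' "$san" | tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    for host in "$@"; do
        if ! printf '%s\n' "$entries" | grep -qixF "DNS:$host"; then
            echo "MISSING SAN: $host"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the relevant part of a text dump for a certificate that
# lacks Client Authentication and one standby hostname (all names hypothetical).
SAMPLE_TEXT='            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:conjur-lb.example.com, DNS:master1.example.com'

printf '%s\n' "$SAMPLE_TEXT" |
    check_cert_text conjur-lb.example.com master1.example.com standby1.example.com || true
```

The check matches SAN entries literally, so a wildcard entry will not satisfy a specific hostname.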

@Naren, did this get you sorted out?