SEC_ERROR_BAD_DER on argo instannce

[chmouel]

Describe the bug

I have installed Openshift Gitops Operator following the procedure from :

https://docs.openshift.com/container-platform/4.9/cicd/gitops/installing-openshift-gitops.html

when trying to get to the argos instance I am getting this firefox ssl error :

An error occurred during a connection to openshift-gitops-server-openshift-gitops.apps.paac.devcluster.openshift.com. security library: improperly formatted DER-encoded message.

Error code: SEC_ERROR_BAD_DER

my openshift router has a letsencrypt certificate on it and properly encrypted, it seems that argos route doesn't reuse it ?

tried with firefox97 and with safari 15.3

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots

Additional context
Add any other context about the problem here.

[vrutkovs]

Same error here due to some odd self-signed cert. Chrome lets me bypass the error

[valumar]

The same for OpenShift version 4.8.26 and Red Hat OpenShift GitOps 1.4.1

[vrutkovs]

Workaround:

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
spec:
  server:
    route:
      tls:
        insecureEdgeTerminationPolicy: Redirect
        termination: reencrypt

[mbaldessari]

I suspect that by default we should let haproxy/router be in charge of encryption (it would work with letsencrypt certificates and it is fundamentally haproxy's job to deal with certs). So switching the route default to reencrypt just makes more sense I think.

To track why firefox changed behaviour (it happened first with FF94) I opened https://bugzilla.redhat.com/show_bug.cgi?id=2058661