mTLS in OpenShift + Istio (client certificate)

Question

There is an application (Java) deployed in OpenShift. The istio-ingress-gateway is also configured. My task is to call my service using the https protocol with mTLS. At the moment, I have the following settings in the ingress-gateway in the tls block:

    caCertificates: somePath/ca.pem
    mode: MUTUAL
    privateKey: somePath/tls.key
    serverCertificate: somePath/tls.crt

I want to call my service through Google Chrome / Postman / curl, as I understand it, for this I need to generate a client certificate based on the certificates specified in openshift and put it in the calling client. My question is how can I generate a client certificate from this and how can I put it on the caller?

There is istio documentation about [Generating client and server certificates and keys](https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/#generate-client-and-server-certificates-and-keys). There is an [example](https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/#configure-a-mutual-tls-ingress-gateway) with curl. You should be able to set ssl certificates with postman as mentioned [here](https://blog.postman.com/set-and-view-ssl-certificates-with-postman/). Let me know if that answer your question. — Jakub, Jul 24 '20 at 10:04

score 2 · Accepted Answer · answered Aug 07 '20 at 11:53

2

it's work for browser - openssl pkcs12 -export -out cert.pfx -inkey tls.key -in tls.crt -certfile ca.pem - don't forget import cert.pfx to windows

For Curl - 'c u r l https://mTLSHost -k --key ./tls.key --cert ./tls.crt'

answered Aug 07 '20 at 11:53

Дима Гуманов

117
2
12

mTLS in OpenShift + Istio (client certificate)

1 Answers1