4

I have the ssl certificate zip file and the privatekey.key file. In total I have the certificate file .crt and another .crt with the name bundle.crt and a .pem file along with the private key with an extension .key.

Now I am trying to use it to create a secret in istio using these files. I am able to create a secret with these files (thecertificate.cert and the privatekey.key and not using the .pem and bundle.cert file) but then when I use in my istio ingress gateway configuration and test it, I get an error on Postman:

SSL Error: Unable to verify the first certificate.

Here are the details:

# kubectl create -n istio-system secret tls dibbler-certificate --key=privatekey.key --cert=thecertificate.crt

# kubectl get secrets -n istio-system

output: dibbler-certificate

gateway:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: dibbler-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      # serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
      # privateKey: /etc/istio/ingressgateway-certs/tls.key
      credentialName: dibbler-certificate
    hosts:
    - "test.ht.io" # domain name goes here

Any help is appreciated. Thanks

Wytrzymały Wiktor
  • 11,492
  • 5
  • 29
  • 37
test test
  • 83
  • 1
  • 1
  • 5
  • Which version of Kubernetes and Istio did you use and how did you set up the cluster? Did you use bare metal installation or some cloud provider? It is important to reproduce your problem. – Mikołaj Głodziak Mar 09 '22 at 14:42

1 Answers1

1

Your config files looks good. I have found very similar problem on discuss.istio.io. The problem is resolved by following:

Two servers was an error too but the important thing is I had to concatenate the godaddy ssl certificate.crt & the bundle.crt and then used the private key to create a secret. Now it’s workng fine.

You can also see this postman page.

Mikołaj Głodziak
  • 4,775
  • 7
  • 28