
mTLS in OpenShift + Istio (client certificate)

There is an application (Java) deployed in OpenShift. The istio-ingress-gateway is also configured. My task is to call my service using the https protocol with mTLS. At the moment, I have the following settings in the ingress-gateway in the tls block:

    caCertificates: somePath/ca.pem
    mode: MUTUAL
    privateKey: somePath/tls.key
    serverCertificate: somePath/tls.crt

I want to call my service through Google Chrome / Postman / curl. As I understand it, for this I need to generate a client certificate based on the certificates specified in OpenShift and put it in the calling client. My question is: how can I generate a client certificate from this, and how can I put it on the caller?

This works for the browser:

    openssl pkcs12 -export -out cert.pfx -inkey tls.key -in tls.crt -certfile ca.pem

Don't forget to import cert.pfx into Windows.

For curl:

    curl https://mTLSHost -k --key ./tls.key --cert ./tls.crt
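An added example, not part of the original question or answers: the commands above hand the gateway's own tls.key and tls.crt to the caller, whereas this sketch issues a separate client key and certificate signed by the CA that `caCertificates` trusts, so the server's private key never leaves the gateway. It assumes you hold that CA's private key; the throwaway CA, the file names, the helper function names and the password are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example. Assumption: you control the private key of the CA in ca.pem.
# A throwaway CA is constructed here (stand-in for that CA) so the script runs offline.

make_demo_ca() {  # $1 = working directory
  cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = demo-mtls-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 30 \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

issue_cert() {  # $1=dir  $2=name  $3=extendedKeyUsage (clientAuth for mTLS callers)
  openssl req -new -config "$1/req.cnf" -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
  printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\nextendedKeyUsage=%s\n' \
    "$3" > "$1/$2.ext"
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
    -days 30 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

verify_client_cert() {  # succeeds only if $2.crt chains to ca.pem and permits client auth
  openssl verify -purpose sslclient -CAfile "$1/ca.pem" "$1/$2.crt" >/dev/null 2>&1
}

export_pkcs12() {  # $1=dir  $2=name  $3=password; .pfx bundle for browser/Postman import
  openssl pkcs12 -export -inkey "$1/$2.key" -in "$1/$2.crt" -certfile "$1/ca.pem" \
    -out "$1/$2.pfx" -passout "pass:$3"
}

d=$(mktemp -d)
make_demo_ca "$d" && issue_cert "$d" client clientAuth && verify_client_cert "$d" client \
  && export_pkcs12 "$d" client changeit && echo "issued $d/client.crt and $d/client.pfx"
# curl then presents the client's own key pair and verifies the gateway instead of using -k:
#   curl https://mTLSHost --key client.key --cert client.crt \
#        --cacert <CA that signed the gateway's serverCertificate>
```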
