Use User-supplied Certificates

This topic describes how to configure Cisco Panoptica to work with user-supplied externally generated certificates on Kubernetes clusters.
By default, Istio generates and uses self-signed certificates. The steps below describe how to use an externally signed certificate and key.

Use externally-signed certificates

To use an externally signed certificate, create a secret named cacerts, containing the certificates and key:

kubectl create secret generic cacerts -n istio-system --from-file=samples/certs/ca-cert.pem \
    --from-file=samples/certs/ca-key.pem --from-file=samples/certs/root-cert.pem \

When Istio starts, it will check this secret, and use the provided certificates (if they are defined); otherwise, it will generate a self-signed certificate.