Use User-supplied Certificates
This topic describes how to configure Cisco Panoptica to work with user-supplied externally generated certificates on Kubernetes clusters.
By default, Istio generates and uses self-signed certificates. The steps below describe how to use an externally signed certificate and key.
Use externally-signed certificates
To use an externally signed certificate, create a secret named cacerts, containing the certificates and key:
kubectl create secret generic cacerts -n istio-system --from-file=samples/certs/ca-cert.pem \ --from-file=samples/certs/ca-key.pem --from-file=samples/certs/root-cert.pem \ --from-file=samples/certs/cert-chain.pem
When Istio starts, it will check this secret, and use the provided certificates (if they are defined); otherwise, it will generate a self-signed certificate.
Updated 3 months ago