K
Q

How do I add an intermediate SSL certificate to Kubernetes ingress TLS configuration?

8/21/2017

The documentation does not specify how to add an intermediate SSL certificate: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls

I suppose the next step would be to read the Kubernetes source code.

-- Chris Stryczynski
kubernetes

Similar Questions

Running Spring boot application in a container? or a VM? or a container inside a VM?
Recommended way to configure max_prepared_transactions in Postgres on Kubernetes
Istio - Connection timeout when calling service-two from service-one (examples)
Neo4j - How to access bolt from a secure connection using Docker image?

3 Answers

4/20/2018

It has to be appended to the same file. Just like nginx.

-- Chris Stryczynski
Source: StackOverflow
12/10/2018

If you add multiple certificates in tls.cert key in Kubernetes TLS Ingress Configuration. Please do this like this

-----BEGIN CERTIFICATE-----
<put your certificate value in a single line >
-----END CERTIFICATE-----
-----BEGIN INTERMEDIATE CERTIFICATE-----
<put your certificate value in a single line>
-----END INTERMEDIATE CERTIFICATE-----

Otherwise, you'll get an error in ssl cert chain validation.

Always put main certificate first.

-- Saran
Source: StackOverflow
3/9/2020

Use this command to create a cert

kubectl create secret generic tlscert_with_ca --from-file=tls.crt=your_cert.crt --from-file=tls.key=your_key.key --from-file=ca.crt=your_ca.crt

BTW, your_ca.crt could be a intermediate cert as well

It works to me, the cert in nginx-inginx-controller should like this

-----BEGIN CERTIFICATE-----
your_cert
-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----
your_key
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
your_intermediate
-----END CERTIFICATE-----

Reference official doc

-- Vampire_D
Source: StackOverflow