K
Q

Istio remote error: tls: error decrypting message

5/21/2020

I am starting out with Istio and trying to enable TLS on north-south traffic by creating a gateway resource enabled with TLS and am following this doco https://istio.io/docs/tasks/traffic-management/ingress/secure-ingress-mount/.

I have following everything to the dot but I keep getting this error from the Istiod pod logs:

2020-05-21T04:41:44.467181Z info    grpc: Server.Serve failed to complete security handshake from "10.x.x.x:34774": remote error: tls: bad certificate
2020-05-21T04:41:54.416502Z info    grpc: Server.Serve failed to complete security handshake from "10.x.x.x:56768": remote error: tls: error decrypting message
2020-05-21T04:42:00.305269Z info    grpc: Server.Serve failed to complete security handshake from "10.x.x.x:56834": remote error: tls: error decrypting message

Any idea why this is happening? I did check for typos while creating certs but cannot find any.

This works for when I disable TLS and use HTTP. So I am assuming that the error is from using the certificates and the logs tell the same thing too.

Details about the cluster:

AWS EKS Version: 1.14

Istio Version: 1.51

Any help would be greatly appreciated!

-- YYashwanth
istio
kubernetes
kubernetes-ingress
kubernetes-pod
ssl

Similar Questions

How to spawn statefulsets pod when new node added to cluster( like daemonsets)? Using helm for deployment
This version of kubeadm only supports deploying clusters with the control plane version >= 1.16.0. Current version: v1.12.0 Kubernetes
Kubernetes volumes not getting mounted
Kubernetes Pod's containers not running when using sh commands

0 Answers