K
Q

Host name does not match the certificate subject in deployment

1/2/2021

Facing an issue with the below error reason in kubernetes deployment for the HTTPS Certificate

Error : Host name does not match the certificate subject provided by the peer (CN=customer.endpoint.com)

My application is running with Network ip address with port number. Network ip is dynamic for the pods. So how do we alias customer.endpoint.com to avoid the above issue

-- user1485267
kubernetes
kubernetes-pod

Similar Questions

Ingress subdomain shows -- after creating an ibm-cloud kubernetes cluster
How to set up TLS connection for GKE Ingress
Is there any API Gateway for Azure AKS (Azure kubernetes services) cluster
Jenkins error on OpenShift: cannot create regular file ‘/var/lib/jenkins/plugins’: Permission denied
docker container directory gets overwritten by persistent volume (claim)

1 Answer

1/5/2021

To access your application first you have to create service for it. Read more here: kubernetes-services.

Then you have to create a TLS certificate for a Kubernetes service accessed through DNS. Please take a look at tls-certificates. In this documentation you will find how to properly set up certificates.

The flow will be like:

1. Create service to expose you app - for example ClusterIP. Remember that choosing this value makes the Service only reachable from within the cluster. This is the default ServiceType

2. Download and install CFSSL - source: pkg-cfssl.

3. Create a Certificate Signing Request

4. Create a Certificate Signing Request object to send to the Kubernetes API

5. Get the Certificate Signing Request Approved

6. Download the Certificate and use it

-- Malgorzata
Source: StackOverflow