DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deploy GitHub Pages

Browse source
This commit is contained in:
k8s-ci-robot 2021-11-12 19:35:44 +00:00
parent 7fc917c074
commit 5542bdd21d
5 changed files with 54 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

2
examples/PREREQUISITES/index.html
View file

@ -7,7 +7,7 @@
<span class=gp>$</span> kubectl create secret tls tls-secret --key tls.key --cert tls.crt
<span class=go>secret &quot;tls-secret&quot; created</span>
</code></pre></div> <p>Note: If using CA Authentication, described below, you will need to sign the server certificate with the CA.</p> <h2 id=client-certificate-authentication>Client Certificate Authentication<a class=headerlink href=#client-certificate-authentication title="Permanent link"></a></h2> <p>CA Authentication also known as Mutual Authentication allows both the server and client to verify each others identity via a common CA.</p> <p>We have a CA Certificate which we obtain usually from a Certificate Authority and use that to sign both our server certificate and client certificate. Then every time we want to access our backend, we must pass the client certificate.</p> <p>These instructions are based on the following <a href=https://medium.com/@awkwardferny/configuring-certificate-based-mutual-authentication-with-kubernetes-ingress-nginx-20e7e38fdfca>blog</a></p> <p><strong>Generate the CA Key and Certificate:</strong></p> <div class=highlight><pre><span></span><code><span class=go>openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 356 -nodes -subj &#39;/CN=My Cert Authority&#39;</span>
</code></pre></div> <p>Note: If using CA Authentication, described below, you will need to sign the server certificate with the CA.</p> <h2 id=client-certificate-authentication>Client Certificate Authentication<a class=headerlink href=#client-certificate-authentication title="Permanent link"></a></h2> <p>CA Authentication also known as Mutual Authentication allows both the server and client to verify each others identity via a common CA.</p> <p>We have a CA Certificate which we usually obtain from a Certificate Authority and use that to sign both our server certificate and client certificate. Then every time we want to access our backend, we must pass the client certificate.</p> <p>These instructions are based on the following <a href=https://medium.com/@awkwardferny/configuring-certificate-based-mutual-authentication-with-kubernetes-ingress-nginx-20e7e38fdfca>blog</a></p> <p><strong>Generate the CA Key and Certificate:</strong></p> <div class=highlight><pre><span></span><code><span class=go>openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 356 -nodes -subj &#39;/CN=My Cert Authority&#39;</span>
</code></pre></div> <p><strong>Generate the Server Key, and Certificate and Sign with the CA Certificate:</strong></p> <div class=highlight><pre><span></span><code><span class=go>openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj &#39;/CN=mydomain.com&#39;</span>
<span class=go>openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt</span>
</code></pre></div> <p><strong>Generate the Client Key, and Certificate and Sign with the CA Certificate:</strong></p> <div class=highlight><pre><span></span><code><span class=go>openssl req -new -newkey rsa:4096 -keyout client.key -out client.csr -nodes -subj &#39;/CN=My Client&#39;</span>