DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add support to CRL (#3164)

Browse source 
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

Add support to CRL

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
This commit is contained in:
Ricardo Katz 2019-09-03 17:47:28 -03:00 committed by Manuel Alejandro de Brito Fontes
parent 48c89cbe3c
commit 9c51676f17
8 changed files with 140 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

6
docs/examples/auth/client-certs/README.md
View file

@ -44,6 +44,12 @@ Authentication to work properly.
kubectl create secret generic ca-secret --from-file=tls.crt=server.crt --from-file=tls.key=server.key --from-file=ca.crt=ca.crt
```
3. If you want to also enable Certificate Revocation List verification you can
create the secret also containing the CRL file in PEM format:
```bash
kubectl create secret generic ca-secret --from-file=ca.crt=ca.crt --from-file=ca.crl=ca.crl
```
Note: The CA Certificate must contain the trusted certificate authority chain to verify client certificates.
## Setup Instructions