DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix CA certificate example docs

Browse source
This commit is contained in:
Manuel Alejandro de Brito Fontes 2019-04-08 08:35:34 -04:00
parent 4efe549502
commit d589fb485a
No known key found for this signature in database
GPG key ID: 786136016A8BA02A
3 changed files with 33 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

23
docs/examples/PREREQUISITES.md
View file

@ -24,7 +24,7 @@ Note: If using CA Authentication, described below, you will need to sign the ser
## Client Certificate Authentication
CA Authentication also known as Mutual Authentication allows both the server and client to verify each others
identity via a common CA.
identity via a common CA.
We have a CA Certificate which we obtain usually from a Certificate Authority and use that to sign
both our server certificate and client certificate. Then every time we want to access our backend, we must
@ -33,17 +33,26 @@ pass the client certificate.
These instructions are based on the following [blog](https://medium.com/@awkwardferny/configuring-certificate-based-mutual-authentication-with-kubernetes-ingress-nginx-20e7e38fdfca)
**Generate the CA Key and Certificate:**
$ openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 356 -nodes -subj '/CN=My Cert Authority'
```console
openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 356 -nodes -subj '/CN=My Cert Authority'
```
**Generate the Server Key, and Certificate and Sign with the CA Certificate:**
$ openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj '/CN=mydomain.com'
$ openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
```console
openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj '/CN=mydomain.com'
openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
```
**Generate the Client Key, and Certificate and Sign with the CA Certificate:**
$ openssl req -new -newkey rsa:4096 -keyout client.key -out client.csr -nodes -subj '/CN=My Client'
$ openssl x509 -req -sha256 -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt
Once this is complete you can continue to follow the instructions [here](./auth/client-certs/README.md)
```console
openssl req -new -newkey rsa:4096 -keyout client.key -out client.csr -nodes -subj '/CN=My Client'
openssl x509 -req -sha256 -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt
```
Once this is complete you can continue to follow the instructions [here](./auth/client-certs/README.md#creating-certificate-secrets)
## Test HTTP Service