External HTTPS proxy with custom CA

ravikant_tyagi · July 8, 2022, 12:22am

HI,

we are facing a challenge with istio egress with an external https proxy. where CA is private and we want to validate it inside the envoy instead of the application container, We tried the same scenario with squid which was using public CA and working fine for us because cert was validating inside the application container. but now we are using an external HTTPS proxy and cert validation getting failed. looking for the configuration that can help me to validate certs without adding in the application pod.

Thank you in advance for the help

ravikant_tyagi · July 11, 2022, 4:51pm

Waiting for the help

ilgatnau · July 14, 2022, 10:06am

I believe this fix is what you need, we have similar issue and we’re still waiting for this to be release, we should try to push for it: https://github.com/istio/istio/pull/37968

Topic		Replies	Views
Trust custom Root CA on Egress Gateway Security	18	4442	July 24, 2019
Custom client certificates for service to service calls Security	8	2787	April 3, 2019
Adding 3rd party CA to istio-proxy (for egress traffic) Security	0	193	October 12, 2023
TLS Handling from Envoy Security	2	526	November 3, 2020
503 when implementing egress tls origination	4	1436	July 31, 2020

External HTTPS proxy with custom CA

Related Topics