External HTTPS proxy with custom CA

ravikant_tyagi · July 8, 2022, 12:22am

HI,

we are facing a challenge with istio egress with an external https proxy. where CA is private and we want to validate it inside the envoy instead of the application container, We tried the same scenario with squid which was using public CA and working fine for us because cert was validating inside the application container. but now we are using an external HTTPS proxy and cert validation getting failed. looking for the configuration that can help me to validate certs without adding in the application pod.

Thank you in advance for the help

ravikant_tyagi · July 11, 2022, 4:51pm

Waiting for the help

ilgatnau · July 14, 2022, 10:06am

I believe this fix is what you need, we have similar issue and we’re still waiting for this to be release, we should try to push for it: https://github.com/istio/istio/pull/37968

Topic		Replies	Views
Best practices for mounting egress caCertificates (Trouble with: Envoy proxy is NOT ready: config not received from Pilot (is Pilot running?): cds updates: 0 successful, 6 rejected; lds updates: 5 successful, 0 rejected) Security	6	5408	June 17, 2020
Trust custom Root CA on Egress Gateway Security	18	4959	July 24, 2019
Custom client certificates for service to service calls Security	8	3018	April 3, 2019
Adding 3rd party CA to istio-proxy (for egress traffic) Security	0	315	October 12, 2023
TLS Handling from Envoy Security	2	617	November 3, 2020

External HTTPS proxy with custom CA

Related topics