I want to test kubernetes service access over tls and mutual tls using self signed certificates. What are the steps for this?
the demo installation of Istio generates and uses a self-signed certificate by default. You won’t have to perform any additional steps to use it; if you want to use your own certificate to secure mTLS communication, you can achieve that by setting
security: selfSigned: false
in the helm YAML file you use to install Istio. You will then have to create a secret called
cacerts in the control plane namespace containing these keys with appropriate PEM data:
Ok, where are these certificates? The demo ones? And if I did not install with demo option is there a way to still get them? Are they available as a secret or file mounted with the Ingress? Do you have a link that describes these demo certificates and how to use them with the ingress?