How can I used self signed certificates with Istio?

I want to test kubernetes service access over tls and mutual tls using self signed certificates. What are the steps for this?

Hi Steven,

the demo installation of Istio generates and uses a self-signed certificate by default. You won’t have to perform any additional steps to use it; if you want to use your own certificate to secure mTLS communication, you can achieve that by setting

  selfSigned: false

in the helm YAML file you use to install Istio. You will then have to create a secret called cacerts in the control plane namespace containing these keys with appropriate PEM data:

  • ca-cert.pem
  • ca-key.pem
  • root-cert.pem
  • cert-chain.pem

Ok, where are these certificates? The demo ones? And if I did not install with demo option is there a way to still get them? Are they available as a secret or file mounted with the Ingress? Do you have a link that describes these demo certificates and how to use them with the ingress?