Ingress mTLS with Client Certificate from a Trusted CA

ac_istio · April 26, 2021, 4:59pm

Hi,

We are attempting to setup mTLS on our Ingress Gateway with Trusted client certificates.

We have observed that the using the credentialName when the mode is MUTUAL does not seem to work.
We specified the serverCertificate, privateKey and caCertificates and that does work but you can put anything in caCertificates and the request goes through. Istio acts like the caCertificates is complete ignored. e.g. I put a zero byte file name ca.crt in the /etc/istio/ingressgateway-ca-certs/ca.crt and it worked.

Is Istio ignoring the caCertificates the because the Client certificate is from a Trusted CA ?

Thank you.

Topic		Replies	Views
Different CAs for server / client ingress mTLS	0	371	January 4, 2021
Istio IngressGateway mTLS only for select paths Networking	0	133	October 12, 2023
Ingress Gateway using Let's Encrypt include intermediate certificate Security	0	544	November 10, 2021
SSL passthrough does not work without intermediary chain Security	2	509	August 27, 2019
Terminating MTLS in ingressgateway - what about authorization? Security	5	2057	March 11, 2021