Issues with certificate from secret istio-ca-secret (Ingressgateway)


I am trying out istio1.1 using a few installation options documented at :

–set prometheus.gateway.enabled=true --set grafana.gateway.enabled=true --set grafana.enabled=true --set global.tracing.enabled=true

This creates virtualservices, gateways and destinationrules for prometheus and grafana on installation. It looks like this uses self signed certificates. I extracted the certificate from the secret : istio-ca-secret and imported it into the keytool on my machine, and then tried accessing the grafana dashboard like this using curl with the url :


I get this error : curl: (51) SSL: unable to obtain common name from peer certificate

The certificate does not have a Common Name in the Subject. I could access the url from Firefox, but had to set : security.enterprise_roots.enabled to true. Anyone using this successfully?


Sorry for the late reply. Does this issue still exist?