I am trying to set up Istio to validate the JWTs against our own OIDC provider. The provider uses an internally signed CA and I don’t know how to add the root certificate to pilot. Currently pilot is giving an error when fetching the public key:
2018-10-24T03:22:41.052354Z error model Failed to fetch pubkey from "https://iam.company.com.au/oauth2/jwks": Get https://iam.company.com.au/oauth2/jwks: x509: certificate signed by unknown authority
2018-10-24T03:22:41.052371Z warn Failed to fetch jwt public key from "https://iam.company.com.au/oauth2/jwks "
How do I get istio-pilot to trust certs from our CA? I have tried installing ca-certificates and including our CA public key in the Ubuntu certificates but it still won’t work.
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: "our-service-jwt-example"
spec:
  targets:
  - name: our-service
  origins:
  - jwt:
      issuer: iam.company.com.au
      jwksUri: "https://iam.company.com.au/oauth2/jwks"
  principalBinding: USE_ORIGIN
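The "x509: certificate signed by unknown authority" text in the log above is the error Go's crypto/x509 verifier returns when the issuing CA is not in the root pool the client is using (Pilot is a Go program). As an added example, not part of the original post or of Istio's code, the following reproduces that check with a constructed CA and server certificate; `issue`, `verifyBothWays` and the CA name `internal-ca.invalid` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed test certificate for cn; a nil parent yields a self-signed root CA.
func issue(cn string, serial int64, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true}
	if parent == nil { // root CA: signs itself and is allowed to sign other certificates
		tmpl.IsCA, tmpl.KeyUsage = true, tmpl.KeyUsage|x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// verifyBothWays validates one server certificate against a root pool without, then with, the internal CA.
func verifyBothWays() (unknownAuthority bool, withCA error) {
	ca, caKey := issue("internal-ca.invalid", 1, nil, nil)
	leaf, _ := issue("iam.company.com.au", 2, ca, caKey)
	opts := x509.VerifyOptions{DNSName: "iam.company.com.au", Roots: x509.NewCertPool()}
	_, err := leaf.Verify(opts) // empty pool: stands in for a trust store that lacks the CA
	var ua x509.UnknownAuthorityError
	unknownAuthority = errors.As(err, &ua)
	opts.Roots.AddCert(ca) // the same verification once the CA certificate is in the pool
	_, withCA = leaf.Verify(opts)
	return
}

func main() {
	fmt.Println(verifyBothWays()) // true <nil>
}
```

The result depends only on which certificates are in the pool handed to the verifier, so the trust store that matters is the one visible to the process making the HTTPS request.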