Remote error: tls: error decrypting message and bad certificate

I am starting out with Istio and did a fresh install. I am trying to enable TLS on north-south traffic by creating a gateway resource enabled with TLS and am following this doco

Istio / Secure Gateways.

I have followed everything to the dot but I keep getting this error:

2020-05-21T04:41:44.467181Z info    grpc: Server.Serve failed to complete security handshake from "10.x.x.x:34774": remote error: tls: bad certificate
2020-05-21T04:41:54.416502Z info    grpc: Server.Serve failed to complete security handshake from "10.x.x.x:56768": remote error: tls: error decrypting message
2020-05-21T04:42:00.305269Z info    grpc: Server.Serve failed to complete security handshake from "10.x.x.x:56834": remote error: tls: error decrypting message

Any idea why this is happening? I did check for typos while creating certs but cannot find any.

This works when I disable TLS and use HTTP. So I am assuming that the error is from using the certificates, and the logs tell the same thing too.

Details about the cluster:

AWS EKS Version: 1.14

Istio Version: 1.51

Any help would be greatly appreciated!

Hi @Yashwanth_Yellapraga

AFAIK from Istio 1.5, SDS is enabled by default. It does not use file mount.


Having it there creates confusion, but in the new release (Istio 1.6)
see the Istio 1.6 docs, https://istio.io/docs/tasks/traffic-management/ingress/,
in which it is not there.