Hi I’m relatively new to Istio, and I’m facing an issue with some Digicert Root certificates, that are currently missing in Docker images.
To prevent changing all images and build new ones, I was trying to overcome this with Istio.
The solution I was trying is as follow:
1- Added service entry with destination host.
2- Created Virtual Service that gets request in port 80 and forwards to port 443:
- port: 80
Also have a Destination Rule as follow:
Conclusions after looking at the logs the redirect is working but I’m getting the error the request:
: upstream connect error or disconnect/reset before headers. reset reason: connection termination
Edit: After fiddling with Destination rule im getting the following error both with port 80 and 443:
port 443 : curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
port 80 : TLS error: 268436576:SSL routines:OPENSSL_internal on istio-proxy log
Can this be solved somehow with Istio? or any other idea on how to solve other than installing root cert in all images.