I am just getting to TLS and mTLS. Now I do NOT have a domain name. Let's Encrypt is not an option because of this. Maybe later. And I think this is typical of people using Istio in the early stages. You don't have a domain name in the beginning as you evaluate rolling it out for an API and checking the mTLS features. I would like to clarify a few things about TLS and mTLS.
- Where are the demo keys located? Are they attached to any domain names or not?
- If I don't have demo keys because the demo configuration was not selected, how can I generate them? Yes, not everyone will select demo in the beginning.
- Can I just use OpenSSL to generate the keys without specifying a domain name for the certificates, and will this be accepted?
- Do I need to involve the Kubernetes Cert Manager in this process? Yes, no, or recommended?
- Should I file mount the certificates on the Ingress pod or use a secret?
- How do I get the key(s) transferred to my mobile app? Is there an API for this key transfer operation?