I'm curious if anyone has successfully configured end-to-end encryption with an Istio Gateway specifically on AWS. I'm currently trying to use an ACM certificate on the Network Load Balancer (NLB) and a self-signed certificate on the Istio Gateway, but I keep running into 'Empty Reply From Server' errors. Just to clarify, terminating SSL at the NLB and having plain text communication to the Gateway works fine. Even TCP passthrough to the Gateway is functional, but the browser sees the self-signed cert at the Gateway, which isn't ideal. Any advice or guidance would be greatly appreciated!
1 Answer
I use an ACM cert directly on the gateway and keep the NLB from decrypting. Have you tried connecting to each step in the process directly? Also, is there a specific reason you’re going with a self-signed certificate? It seems like it might introduce unnecessary complexity.
Honestly, I chose a self-signed cert because it's easy to manage and has less overhead. I wanted to ensure the overall flow worked before refining it. I hesitated to use Let's Encrypt since I didn’t want to hit rate limits if it's deployed widely. But just to confirm, are you exporting the ACM cert to use on your gateway?
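The answer's suggestion to connect to each step directly, as an added example that is not part of the original thread: a POSIX shell script that runs one TLS handshake against the NLB, one against the ingress gateway reached without the NLB, and one full HTTPS request through the NLB, and reduces each result to a one-line verdict. The hostname `app.example.com`, the `kubectl port-forward` to `svc/istio-ingressgateway` in `istio-system`, and the sample `openssl s_client` transcripts are assumptions or constructed data, not taken from the question. The script keys on curl exit status 52, which is the code behind curl's "Empty reply from server" message.

```shell
#!/bin/sh
# Added example, not from the original thread: probe each hop of an
# NLB -> Istio ingress gateway path separately and report what each one
# presents. All hostnames, ports and the kubectl command below are
# assumptions; substitute your own.
set -u

# Reduce one openssl s_client transcript to a one-line verdict.
# s_client prints "subject=..." / "issuer=..." lines only when the peer
# actually returned a certificate, so their absence means the port did
# not complete a TLS handshake (plaintext listener, reset, or refused).
classify_s_client() {
  _out=$1
  _subject=$(printf '%s\n' "$_out" | sed -n 's/^subject=//p' | head -n 1)
  _issuer=$(printf '%s\n' "$_out" | sed -n 's/^issuer=//p' | head -n 1)
  if [ -z "$_subject" ]; then
    echo "tls-fail"
  elif [ "$_subject" = "$_issuer" ]; then
    echo "tls-ok self-signed: $_subject"
  else
    echo "tls-ok ca-signed: $_subject (issuer $_issuer)"
  fi
}

# Map curl's exit status for an HTTPS request to a label. 52 is the code
# behind curl's "Empty reply from server"; 35 is a failed TLS handshake;
# 60 means the certificate is not trusted (what a self-signed cert gives).
classify_curl_rc() {
  case "$1" in
    0)  echo "http-ok" ;;
    35) echo "tls-handshake-failed" ;;
    52) echo "empty-reply" ;;
    60) echo "untrusted-cert" ;;
    *)  echo "curl-exit-$1" ;;
  esac
}

# One TLS handshake against HOST:PORT, sending SNI so the Istio Gateway
# resource matches the right server block.
probe_tls() {
  _o=$(openssl s_client -connect "$1:$2" -servername "$3" </dev/null 2>/dev/null) || true
  classify_s_client "$_o"
}

# Probe the public NLB hostname, then the gateway reached without the NLB
# (assumes this is running in another terminal:
#   kubectl -n istio-system port-forward svc/istio-ingressgateway 8443:443),
# then the full HTTP request through the NLB.
probe_path() {
  _nlb=$1 _gw_host=$2 _gw_port=$3
  echo "nlb  $_nlb:443 -> $(probe_tls "$_nlb" 443 "$_nlb")"
  echo "gw   $_gw_host:$_gw_port -> $(probe_tls "$_gw_host" "$_gw_port" "$_nlb")"
  _rc=0
  curl -sS -o /dev/null "https://$_nlb/" 2>/dev/null || _rc=$?
  echo "curl https://$_nlb/ -> $(classify_curl_rc "$_rc")"
}

# Constructed s_client excerpts (not captured from a real cluster) so the
# classifier can be checked offline.
SAMPLE_SELF_SIGNED=$(printf 'subject=CN = gateway.example.internal\nissuer=CN = gateway.example.internal\n---')
SAMPLE_ACM=$(printf 'subject=CN = app.example.com\nissuer=C = US, O = Amazon, CN = Amazon RSA 2048 M02\n---')
SAMPLE_PLAINTEXT=$(printf 'CONNECTED(00000003)\n---\nno peer certificate available')

# Usage: sh probe.sh probe app.example.com 127.0.0.1 8443
if [ "${1:-}" = "probe" ] && [ $# -eq 4 ]; then
  probe_path "$2" "$3" "$4"
fi
```

Reading the output: if the NLB hop shows a CA-signed (ACM) leaf and the direct gateway hop shows the self-signed leaf, both ends speak TLS and the open question is what the NLB does in between. An NLB TCP listener passes the client's handshake straight through, so the browser sees the self-signed certificate, as the question observes; a TLS listener terminates with the ACM certificate, and whether it re-encrypts toward the gateway depends on the target group protocol (TCP targets receive plaintext, TLS targets get a new handshake). A `tls-fail` on the gateway hop means that port did not complete a TLS handshake at all, which is the first thing to check when the full request through the NLB comes back as `empty-reply`.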