Hey everyone! I'm working on setting up an internal SSL with my own certificate authority for some services, including one hosted on a K3D cluster using Traefik. I've read that I might need to establish a server transport and set `insecureSkipVerify` to true, which I've managed to figure out. However, I'm struggling to find a solid example of how to properly configure this with an ingress. Any insights on how to get this working? Also, I hit a 404 error even though the same path works when SSL is disabled, so I'm a bit confused about that too!
3 Answers
Your own certificate authority? That's cool! Honestly, since it's just for internal use, it doesn't matter if the certificate is self-signed or from a recognized CA. Make sure to configure everything properly so it works smoothly.
The approach can vary based on your ingress setup, but generally, the ingress doesn't have to trust your self-signed certificate to present it for incoming connections. If you're considering a proper PKI setup, it would be better to avoid using `insecureSkipVerify` and follow the documentation to add your certificate correctly. That would simplify things in the long run.
If you're looking to do this the right way, especially for a production environment, it's a bit complex. I recently set up a multi-cluster private CA with HashiCorp Vault and integrated it with cert-manager for managing certificates. I recommend adding your root CA cert to the trusted cert store on each node. This way, you can avoid the `insecureSkipVerify` issue. It's challenging at first, but it's worth it for reliability!
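
An added example (not from the thread or from the Traefik project) of the server transport setup discussed above: the `insecureSkipVerify` form next to one that trusts the internal CA through `rootCAsSecrets`, attached to a standard Ingress via Service annotations. It assumes Traefik's Kubernetes CRD provider is enabled; `my-service`, `internal-ca`, `app.internal.example`, the namespace and the ports are hypothetical.

```yaml
# Added example: all names, namespaces, hosts and ports are placeholders.
# Weak form from the question: the backend certificate is never verified.
apiVersion: traefik.io/v1alpha1  # older Traefik v2 releases: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata: {name: backend-skip-verify, namespace: default}
spec:
  insecureSkipVerify: true
---
# Corrected form: verify the backend against the internal CA.
# Assumes a Secret made with: kubectl create secret generic internal-ca --from-file=ca.crt=<root CA PEM>
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata: {name: backend-internal-ca, namespace: default}
spec:
  serverName: my-service.default.svc  # must match a SAN in the backend certificate
  rootCAsSecrets:
    - internal-ca  # Secret in the same namespace, CA stored under the ca.crt key
---
# Service annotations attach the transport for a plain Kubernetes Ingress.
apiVersion: v1
kind: Service
metadata:
  name: my-service
  namespace: default
  annotations:
    traefik.ingress.kubernetes.io/service.serversscheme: https
    traefik.ingress.kubernetes.io/service.serverstransport: default-backend-internal-ca@kubernetescrd
spec:
  selector: {app: my-service}
  ports:
    - {port: 443, targetPort: 8443}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata: {name: my-service, namespace: default}
spec:
  rules:
    - host: app.internal.example
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-service
                port: {number: 443}
```

The transport reference in the annotation follows the `<namespace>-<name>@kubernetescrd` pattern, so it must change if the ServersTransport is renamed or moved to another namespace.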
