Exposing Ingress over HTTPS
In this section, we will learn how to configure the Istio Gateway to expose the Sockshop frontend application over HTTPs.
Steps 1 and 3 are optional if you already have a Certificate Authority (CA); usually, for production systems, these steps will be performed by your organization’s CA:
- Create a CA. Here, we are creating a CA with
CN(Common Name) assockshop.inc:$openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -subj '/O=Sockshop Inc./CN=Sockshop.inc' -keyout Sockshop.inc.key -out Sockshop.inc.crt
- Generate a Certificate Signing Request (CSR) for the sockshop. Here, we are generating a CSR for
sockshop.com, which also generates a private key:$openssl req -out sockshop.com.csr -newkey rsa:2048 -nodes -keyout sockshop.com.key -subj "/CN=sockshop.com/O=sockshop.inc"
- Sign the CSR using the CA with the following command:
$openssl x509 -req -sha256 -days 365 -CA Sockshop.inc.crt -CAkey Sockshop.inc.key ...
