diff --git a/content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md b/content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md index 8bc79a6354..5b9c56dad5 100644 --- a/content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md +++ b/content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md @@ -745,11 +745,8 @@ external service. ## Troubleshooting -1. Check if you have [mutual TLS Authentication](/docs/tasks/security/authentication/authn-policy/) enabled in Istio. - If mutual TLS is enabled, make sure you create the configuration - items accordingly (note the remarks _If you have mutual TLS Authentication enabled in Istio, you must create..._). - -1. If [mutual TLS Authentication](/docs/tasks/security/authentication/authn-policy/) is enabled, verify the correct certificate of the egress gateway: +1. If [mutual TLS Authentication](/docs/tasks/security/authentication/authn-policy/) is enabled, verify the correct certificate of the + egress gateway: {{< text bash >}} $ kubectl exec -i -n istio-system $(kubectl get pod -l istio=egressgateway -n istio-system -o jsonpath='{.items[0].metadata.name}') -- cat /etc/certs/cert-chain.pem | openssl x509 -text -noout | grep 'Subject Alternative Name' -A 1 diff --git a/content/en/faq/security/check-policy.md b/content/en/faq/security/check-policy.md deleted file mode 100644 index 92294f4c90..0000000000 --- a/content/en/faq/security/check-policy.md +++ /dev/null 
@@ -1,14 +0,0 @@ ---- -title: How can I check whether mutual TLS is enabled for a service? -weight: 11 ---- - -The [`istioctl`](/docs/reference/commands/istioctl) command provides an option for this purpose. You can do: - -{{< text bash >}} -$ istioctl authn tls-check $CLIENT_POD httpbin.default.svc.cluster.local -HOST:PORT STATUS SERVER CLIENT AUTHN POLICY DESTINATION RULE -httpbin.default.svc.cluster.local:8000 OK STRICT ISTIO_MUTUAL /default istio-system/default -{{< /text >}} - -Where `$CLIENT_POD` is the ID of one of the client service's pods.
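Review bot: In the Troubleshooting hunk of egress-gateway/index.md, the surviving step is still conditioned on "If mutual TLS Authentication is enabled", but the removed step was the only one that prompted the reader to find out whether it is, and this same patch deletes the FAQ entry that showed how to check (`istioctl authn tls-check`). Consider keeping a one-line pointer to how the reader determines the mutual TLS state before running the certificate check, so the condition stays something they can verify. Separately, "verify the correct certificate of the egress gateway" reads awkwardly; since the line is being rewrapped anyway, "verify that the egress gateway has the correct certificate" would be clearer.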
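Review bot: The deletion of content/en/faq/security/check-policy.md removes the answer to "How can I check whether mutual TLS is enabled for a service?" with no replacement added anywhere in this patch, so the visible changes leave no documented way to confirm the mutual TLS state of a service. If `istioctl authn tls-check` is no longer the right command, replacing the FAQ body with the current method would serve readers better than dropping the question. If the page does have to go, please check for inbound links to it, add a redirect or alias so they do not break, and state the reason for the removal in the commit message.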