istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[master] Add the information that you can concatenate CA certs (#10057) 

* Add the information that you can concatenate CA certs

Add the information that you can concatenate CA certs if you want to accept MTLS from client providing certificate signed by different CAs

* english review comments

* adding back key and also adding "value"

Co-authored-by: Laurent Demailly <ldemailly@gmail.com>
This commit is contained in:
Istio Automation 2021-07-11 13:26:54 -07:00 committed by GitHub
parent 6df4ad7635
commit c01da14edd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
content/en/docs/tasks/traffic-management/ingress/secure-ingress/index.md
View File

@ -427,6 +427,7 @@ Istio supports reading a few different Secret formats, to support integration wi
* A TLS Secret with keys `tls.key` and `tls.crt`, as described above. For mutual TLS, a `ca.crt` key can be used.
* A generic Secret with keys `key` and `cert`. For mutual TLS, a `cacert` key can be used.
* A generic Secret with keys `key` and `cert`. For mutual TLS, a separate generic Secret named `<secret>-cacert`, with a `cacert` key. For example, `httpbin-credential` has `key` and `cert`, and `httpbin-credential-cacert` has `cacert`.
* The `cacert` key value can be a CA bundle consisting of concatenated individual CA certificates.
### SNI Routing