created ssl certificate and imported into istio gateway and virtual service up and running fine. while accessing with curl from ingressateway ip it showing error.
curl https://abb936882d5594ab0b76d7c059cf64f6-1086964687.us-west-2.elb.amazonaws.com:9443 curl: (60) schannel: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted. More details here: https://curl.se/docs/sslcerts.html
gateway.yaml apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: name: my-gateway spec: selector: istio: ingressgateway servers: - port: number: 9443 name: http protocol: HTTPS tls: mode: SIMPLE credentialName: mysuperdomain-certs hosts: - '' - port: number: 7443 name: http-two protocol: HTTPS tls: mode: SIMPLE credentialName: mysuperdomain-certs hosts: - '' - port: number: 6443 name: http-three protocol: HTTPS tls: mode: SIMPLE credentialName: mysuperdomain-certs hosts: - '*'
virtualservice.yaml apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: my-virtualservice spec: hosts: - '*' gateways: - my-gateway http: - match: - port: 9443 route: - destination: host: httpbin-one.default.svc.cluster.local port: number: 9443 - match: - port: 7443 route: - destination: host: httpbin-two.default.svc.cluster.local port: number: 7443 - match: - port: 6443 route: - destination: host: httpbin-three.default.svc.cluster.local port: number: 6443
how to fix this error. Istio installed in eks application work with TLS ( ISTIO ssl created with this command kubectl create secret tls mysuperdomain-certs -n istio-system --key cert/cert.pem --cert cert/key.pem ).