如何将Digicert与Nginx-ingress结合使用以启用https [英] How to use digicert with nginx-ingress to enable https

问题描述

我正在尝试使用通过digicert获得的证书在我的nginx-ingress上启用https.我们已经获得了通配符证书，并且我具有以下文件.

I'm trying to use the certificates obtained through digicert to enable https on my nginx-ingress. We've obtained a wildcard certificate and I have the following files.

domain_name_2019-2021.csr
domain_name_2019-2021.key
domain_name_2019-2021.pem
DigiCertCA2_2019-2021.pem
star_domain_name_2019_2021.pem
TrustedRoot.pem

我通过运行以下命令创建了tls机密

I've created the tls secrets by running the following commands

kubectl create secret tls tls-secret --key ${KEY_FILE} --cert ${CERT_FILE}

并像这样在我的入口配置中使用了这些秘密

And used these secrets in my ingress configuration like so

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-service
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  tls:
    - hosts:
       - {{ .Values.host }}
      secretName: tls-secret
  rules:
    - host: {{ .Values.host }}
      http:
        paths:
          - path: /
            backend:
              serviceName: service_name
              servicePort: 443

但是，当浏览至subdomain.domain_name.com时，我得到的证书无效，错误为This certificate has not been verified by a third party.证书使用Kubernetes Ingress Controller Fake Certificate

However when browse to subdomain.domain_name.com I get an invalid certificate with an error of This certificate has not been verified by a third party. And the certificate its using says Kubernetes Ingress Controller Fake Certificate

推荐答案

，您可以遵循此stackoverflow帖子.

you can follow this, to install Jetstack cert-manager, once you make this installed, please follow this stackoverflow post.

它将解决您的查询.

由您创建的当前证书不是必需的，在这里，只要能够验证acme挑战，jetstack就会自动创建该证书，为此，您需要将DNS或主机名映射到Nginx的负载均衡器IP.

The current certificates created by you are not necessary for this, here the certificate will be automatically created by jetstack once it would be able to get the acme challenge verified, for that verification sake you need to map the DNS or hostname to the Load balancer IP of nginx.

这应该可以解决您将http转换为https的目的

This should solve your purpose to get http to https conversion

这篇关于如何将Digicert与Nginx-ingress结合使用以启用https的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！