Replies: 1 comment 1 reply
-
|
Yeah in modern versions this is secure-by-default. You only need to configure things if you need to customize the verification |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Hi @howardjohn. How can we configure for that ? I've same problem for update Istio version. Our app returns CERTIFICATE_VERIFY_FAILED |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
It states that the
sniandsubjectAltNamesfields should be set. However, since istio 1.21, theENABLE_AUTO_SNIis set to true by default, which means SNI will be set automatically based on the downstream HTTP host/authority header. The same applies to thesubjectAltNamesfield. According to the Destination Rule reference, if it is unspecified, an automatic validation of the upstream presented certificate for new upstream connections will be done based on the downstream HTTP host/authority header.Am I missing something?
Beta Was this translation helpful? Give feedback.
All reactions