I have an Ingress YAML file to which I added an SSL certificate; it uses acme.com (localhost) as the domain. Here is the YAML config:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-srv
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/use-regex: 'true'
spec:
  tls:
    - hosts:
        - acme.com
      secretName: nginx-tls-secret
  rules:
    - host: acme.com
      http:
        paths:
          - path: /api/platforms
            pathType: Prefix
            backend:
              service:
                name: platforms-clusterip-srv
                port:
                  number: 80
          - path: /api/c/platforms
            pathType: Prefix
            backend:
              service:
                name: commands-clusterip-srv
                port:
                  number: 80
I have done the steps provided in this answer and still nothing works: https://stackoverflow.com/a/60516812
The commands I executed:
openssl genrsa -des3 -out myCA.key 2048
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 365 -out myCA.pem
Country Name (2 letter code) [AU]:BG
State or Province Name (full name) [Some-State]:Sofia
Locality Name (eg, city) []:Sofia
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Company
Organizational Unit Name (eg, section) []:BU
Common Name (e.g. server FQDN or YOUR name) []:acme.com
Email Address []:[email protected]
openssl genrsa -out acme.com.key 2048
openssl req -new -key acme.com.key -out acme.com.csr
Country Name (2 letter code) [AU]:BG
State or Province Name (full name) [Some-State]:Sofia
Locality Name (eg, city) []:Sofia
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Company
Organizational Unit Name (eg, section) []:BU
Common Name (e.g. server FQDN or YOUR name) []:acme.com
Email Address []:[email protected]
openssl x509 -req -in acme.com.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out acme.com.crt -days 825 -sha256 -extfile acme.com.ext
openssl verify -CAfile myCA.pem -verify_hostname acme.com acme.com.crt
#response from the command
acme.com.crt: OK
I tried to combine my certificates with these commands:
cat acme.com.crt myCA.pem > combined.crt
cat combined.crt acme.com.csr > combinedNew.crt
My secret looks like this:
kubectl create secret tls nginx-tls-secret --cert=combinedNew.crt --key=acme.com.key
When I execute this command:
openssl s_client -showcerts -connect acme.com:443
I get this as result:
CONNECTED(000001C0)
depth=1 C = BG, ST = Sofia, L = Sofia, O = Company, OU = BU, CN = acme.com, emailAddress = [email protected]
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=1 C = BG, ST = Sofia, L = Sofia, O = Company, OU = BU, CN = acme.com, emailAddress = [email protected]
verify return:1
depth=0 C = BG, ST = Sofia, L = Sofia, O = Company, OU = BU, CN = acme.com, emailAddress = [email protected]
verify return:1
---
Certificate chain
0 s:C = BG, ST = Sofia, L = Sofia, O = Company, OU = BU, CN = acme.com, emailAddress = [email protected]
i:C = BG, ST = Sofia, L = Sofia, O = Company, OU = BU, CN = acme.com, emailAddress = [email protected]
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Jul 21 18:24:22 2023 GMT; NotAfter: Oct 23 18:24:22 2025 GMT
1 s:C = BG, ST = Sofia, L = Sofia, O = Company, OU = BU, CN = acme.com, emailAddress = [email protected]
i:C = BG, ST = Sofia, L = Sofia, O = Company, OU = BU, CN = acme.com, emailAddress = [email protected]
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Jul 21 16:18:26 2023 GMT; NotAfter: Jul 20 16:18:26 2024 GMT
---
Server certificate
subject=C = BG, ST = Sofia, L = Sofia, O = Company, OU = BU, CN = acme.com, emailAddress = [email protected]
issuer=C = BG, ST = Sofia, L = Sofia, O = Company, OU = BU, CN = acme.com, emailAddress = [email protected]
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2585 bytes and written 390 bytes
Verification error: self-signed certificate in certificate chain
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 19 (self-signed certificate in certificate chain)
---
closed
After I completed all the steps, what I needed to do was:
Click on the Start menu >> Run. Type in mmc and press OK
Click on File and choose the Add/Remove Snap-in option.
Select Certificates from the Available snap-ins list and click the Add button.
Choose Computer account to manage the certificate and click Next.
Select Local Computer and press the Finish button.
Certificates snap-in was selected. Click OK to add it to the console.
#Import intermediate/root certificates.
To import an intermediate certificate, right-click on Intermediate Certification Authority >> All Tasks >> Import. Here I imported myCA.pem
#Import Trusted Root Certification Authorities
To import an intermediate certificate, right-click on Trusted Root Certification Authorities >> All Tasks >> Import. Here I imported myCA.pem and acme.com
Important note: the secret nginx-tls-secret can look like this:
kubectl create secret tls nginx-tls-secret --cert=acme.com.crt --key=acme.com.key
If you have issues importing the certificate, check out this: https://www.ssls.com/knowledgebase/how-to-import-intermediate-and-root-certificates-via-mmc/
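
The following pre-flight check for the files handed to `kubectl create secret tls` is an added example, not part of the original post; it covers the `cat`-built bundles and the leaf-only variant described above. The function names, the demo CA subject and the contents of `acme.com.ext` are assumptions constructed for the demo.

```shell
#!/bin/sh
# check_tls_bundle <cert-bundle> <private-key> <ca-cert> <hostname>
check_tls_bundle() {
    bundle=$1; key=$2; ca=$3; host=$4
    # 1. --cert may hold only CERTIFICATE blocks (leaf first, then issuers).
    #    A CSR ("CERTIFICATE REQUEST") or a key block does not belong in it.
    if grep -e '-----BEGIN ' "$bundle" | grep -qv -e '-----BEGIN CERTIFICATE-----'; then
        echo "FAIL: non-certificate PEM block in $bundle"; return 1
    fi
    # 2. The first certificate in the bundle must carry the key's public half.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: leaf certificate does not match $key"; return 2
    fi
    # 3. The leaf must chain to the CA and be valid for the hostname.
    if ! openssl verify -CAfile "$ca" -verify_hostname "$host" "$bundle" >/dev/null 2>&1; then
        echo "FAIL: leaf does not verify against $ca for $host"; return 3
    fi
    echo "OK: $bundle"
}

# make_demo_pki <dir>: constructed throwaway CA and leaf; file names mirror the post.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/myCA.key" \
        -out "$d/myCA.pem" -days 30 -subj "/CN=Demo Local CA" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -keyout "$d/acme.com.key" \
        -out "$d/acme.com.csr" -subj "/CN=acme.com" 2>/dev/null
    printf 'subjectAltName=DNS:acme.com\n' > "$d/acme.com.ext"   # assumed contents
    openssl x509 -req -in "$d/acme.com.csr" -CA "$d/myCA.pem" -CAkey "$d/myCA.key" \
        -CAcreateserial -out "$d/acme.com.crt" -days 30 -sha256 \
        -extfile "$d/acme.com.ext" 2>/dev/null
    cat "$d/acme.com.crt" "$d/myCA.pem" > "$d/combined.crt"
    cat "$d/combined.crt" "$d/acme.com.csr" > "$d/combinedNew.crt"
}

# Demo: leaf+CA bundle and leaf-only file pass; the bundle with the CSR appended fails.
tmp=$(mktemp -d)
make_demo_pki "$tmp"
check_tls_bundle "$tmp/combined.crt" "$tmp/acme.com.key" "$tmp/myCA.pem" acme.com
check_tls_bundle "$tmp/acme.com.crt" "$tmp/acme.com.key" "$tmp/myCA.pem" acme.com
check_tls_bundle "$tmp/combinedNew.crt" "$tmp/acme.com.key" "$tmp/myCA.pem" acme.com || true
rm -rf "$tmp"
```

Verify return code 19 in the `s_client` output means the chain was built but its root is not in the client's trust store; passing `-CAfile myCA.pem` to `openssl s_client`, or importing `myCA.pem` into the trust store as the post does, supplies that trust anchor.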