SSL certificate verify result: unable to get local issuer certificate (20)

Ifiokobong Offiong 56 Reputation points
2022-04-25T15:55:18.173+00:00

Hi everyone. I was going through this Microsoft documentation to implement TLS in the nginx ingress controller for my application running in Azure Kubernetes Service. My ingress resource is below:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  namespace: my-ingress-ns
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - my_azure_private_dns
    secretName: ingress-tls
  rules:
  - host: my_azure_private_dns
    http:
      paths:
      - path: /data/
        pathType: Prefix
        backend:
          service:
            name: svc1
            port:
              number: 80
      - path: /programs/
        pathType: Prefix
        backend:
          service:
            name: svc1
            port:
              number: 80
```

The ingress resource is deployed in the same namespace as my app pod and service. The TLS Secret (ingress-tls) is also deployed to the same namespace as the ingress resource, app and service. Since my company is the CA, I ran update-ca-certificates to trust the root certificates when the k8s deployment is created, using a bash script which acts as the entry point to my Dockerfile.

start.sh

```sh
#!/bin/sh
update-ca-certificates
dotnet my.App.dll
```

dockerfile

```dockerfile
...
CMD ["./start.sh"]
```

After my deployment is created and I exec into the pod, I can see that the root certificates have been installed in /etc/ssl/certs.

The problem is when I try to access my app through my Azure private DNS I have this error: NET::ERR_CERT_AUTHORITY_INVALID
and when I run curl: curl https://my_azure_private_dns/data -kv

it shows me this error: * SSL certificate verify result: unable to get local issuer certificate (20)

Please can someone tell me where I am wrong? Thank you

Azure Kubernetes Service (AKS)

1 answer

  1. Cristian SPIRIDON 4,471 Reputation points
    2022-04-25T18:49:53.317+00:00

    Hi,

    The CN in the certificate has to match the host name from the https query.

    Can you check if that is the case?

    It is possible that the certificate was issued with the public host name.

    Hope this helps!
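
Two independent checks come up in this thread: whether the served certificate chains to a root in the trust store of the client making the request (the error 20 quoted in the question) and whether its name covers the requested host (the point raised in the answer). The shell sketch below is an added example, not code from either poster; it builds a throwaway CA and server certificate with openssl and tests each condition separately. All hostnames, file names and function names in it are assumptions made for the demo.

```shell
#!/bin/sh
# Added example; every name and certificate here is constructed for the demo.

# make_demo_pki DIR HOST: write a throwaway root CA (ca.crt) and a server
# certificate for HOST signed by it (tls.crt, tls.key) into DIR.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Root CA for $2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/tls.key" -out "$1/tls.csr" 2>/dev/null &&
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/ext.cnf" &&
    openssl x509 -req -in "$1/tls.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -extfile "$1/ext.cnf" \
        -out "$1/tls.crt" 2>/dev/null
}

# chain_ok CA_BUNDLE CERT: succeed only if CERT chains to a root in CA_BUNDLE.
# An issuer missing from the bundle is the "unable to get local issuer
# certificate (20)" result; CA_BUNDLE models the trust store of the client.
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# host_ok CERT HOST: succeed only if CERT covers HOST (SAN entries, with the
# CN used as a fallback only when the certificate has no DNS SAN).
host_ok() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match'
}

# Demo: PKI "a" is trusted by the client, root "b" is unrelated to the cert.
demo() {
    dir=$(mktemp -d) && mkdir "$dir/a" "$dir/b" &&
    make_demo_pki "$dir/a" app.internal.example &&
    make_demo_pki "$dir/b" other.internal.example || return 1
    chain_ok "$dir/a/ca.crt" "$dir/a/tls.crt" && echo "chain: issuing root in bundle -> OK"
    chain_ok "$dir/b/ca.crt" "$dir/a/tls.crt" || echo "chain: issuing root missing -> fails"
    host_ok "$dir/a/tls.crt" app.internal.example && echo "name: matches"
    host_ok "$dir/a/tls.crt" wrong.internal.example || echo "name: mismatch"
    rm -rf "$dir"
}
demo
```

Pointed at the `tls.crt` stored in the `ingress-tls` secret and at the CA bundle of the machine running curl or the browser, the same two functions show which of the two conditions fails.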