-
-
-
Deploy NetScaler ingress controller with OpenShift router sharding support
-
Deploy NetScaler CPX as an Ingress in Azure Kubernetes Engine
-
Deploy NetScaler ingress controller in an Azure Kubernetes Service cluster with NetScaler VPX
-
Deploy NetScaler ingress controller for NetScaler with admin partitions
-
Multi-cloud and GSLB solution with Amazon EKS and Microsoft AKS clusters
-
-
SSL certificate for services of type LoadBalancer through the Kubernetes secret resource
-
BGP advertisement for type LoadBalancer services and Ingresses using NetScaler CPX
-
NetScaler CPX integration with MetalLB in layer 2 mode for on-premises Kubernetes clusters
-
Advanced content routing for Kubernetes Ingress using the HTTPRoute CRD
-
IP address management using the NetScaler IPAM controller for Ingress resources
-
-
Install, link, and update certificates on NetScaler using the NetScaler ingress controller
-
Introduction to automated certificate management with cert-manager
-
Create a self-signed certificate and linking into a Kubernetes secret
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Install, link, and update certificates on a NetScaler using the NetScaler Ingress Controller
On the Ingress NetScaler, you can install, link, and update certificates. Many server certificates are signed by multiple hierarchical certificate authorities (CAs). This means that certificates form a chain.
A certificate chain is an ordered list of certificates containing an SSL certificate and certificate authority (CA) certificates. It enables the receiver to verify that the sender and all CAs are trustworthy. The chain or path begins with the SSL certificate, and each certificate in the chain is signed by the entity identified by the next certificate in the chain.
Any certificate that sits between the SSL certificate and the root certificate is called a chain or intermediate certificate. The intermediate certificate is the signer or issuer of the SSL certificate. The root CA certificate is the signer or issuer of the intermediate certificate.
If the intermediate certificate is not installed on the server (where the SSL certificate is installed) it may prevent some browsers, mobile devices, and applications from trusting the SSL certificate. To make the SSL certificate compatible with all clients, it is necessary that the intermediate certificate is installed.
Certificates linking in Kubernetes
The NetScaler Ingress Controller supports automatic provisioning and renewal of TLS certificates using the Kubernetes cert-manager. The cert-manager
issues certificates from different sources, such as Let’s Encrypt and HashiCorp Vault and converts them to Kubernetes secrets.
The following diagram explains how the cert-manager
performs certificate management.
When you create a Kubernetes secret from a PEM certificate embedded with multiple CA certificates, you need to link the server certificates with the associated CAs. While applying the Kubernetes secret, you can link the server certificates with all the associated CAs using the Ingress NetScaler. Linking the server certificates and CAs enable the receiver to verify if the sender and CAs are trustworthy.
The following is a sample Ingress definition:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: frontendssl
spec:
rules:
- host: frontend.com
http:
paths:
- backend:
service:
name: frontend
port:
number: 443
path: /web-frontend/frontend.php
pathType: Prefix
tls:
- secretName: certchain1
<!--NeedCopy-->
On the NetScaler, you can verify if certificates are added to the NetScaler. Perform the following:
-
Log on to the NetScaler command-line interface.
-
Verify if certificates are added to the NetScaler using the following command:
>show certkey
For sample outputs, see the NetScaler documentation.
-
Verify that the server certificate and CAs are linked using the following command:
>show certlink
Output:
1) Cert Name: k8s-3KC24EQYHG6ZKEDAY5Y3SG26MT2 CA Cert Name: k8s-3KC24EQYHG6ZKEDAY5Y3SG2_ic1 2) Cert Name: k8s-3KC24EQYHG6ZKEDAY5Y3SG2_ic1 CA Cert Name: k8s-3KC24EQYHG6ZKEDAY5Y3SG2_ic2
Share
Share
In this article
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.