I am using google domains with gcloud static bucket and a https load balancer. A while ago the load balancer was set up to serve google-managed GTS ssl certs. This has now been revised to a self-managed third party ssl cert. The settings on the balancer do refer to the new cert; and gcloud does list the new cert as available.
Yet, the load balancer actually serves the 'old' GTS ssl cert no matter what. I've even removed the GTS cert via the console but that did not help.
How can I force the load balancer to serve the new cert?
Related
We have 10 different kubernetes pods which runs inside a private VPN, this pods are HTTP serving endpoints(not HTTPS). But this services would interact with HTTPS serving endpoints. Logically to make call to HTTP-S serving endpoints from a HTTP serving pod , the SSL server certificate trust is required. Hence we decided to store the SSL certificates inside each HTTP Service pods to make call to HTTPS serving pods.
I am wondering is there are any alternative approaches for managing SSL certificates across different pods in Kubernetes cluster? How about kubeadm for K8s certificate management ... any suggestions ?
This is more of a general SSL certificate question rather than specific to Kubernetes.
If the containers/pods providing the HTTPS endpoint already have their SSL correctly configured and the SSL certificate you are using was purchased/generated from a known, trusted CA (like letsencrypt or any one of the known, trusted certificate companies out there) then there is no reason your other container apps that are making connections to your HTTPS endpoint serving pods would need anything special stored in them.
The only exception to this is if you have your own private CA and you've generated certificates on that internally and are installing them in your HTTPS serving containers. (Or if you are generating self-signed certs). Your pods/containers connecting to the https endpoints would then need to know about the CA certificate. Here is a stackoverflow question/answer that deals with this scenario:
How do I add a CA root certificate inside a docker image?
Lastly, there are better patterns to manage SSL in containers and container schedulers like Kubernetes. It all depends on your design/architecture.
Some general ideas:
Terminate SSL at a load balancer before traffic hits your pods. The load balancer then handles the traffic from itself to the pods as HTTP, and your clients terminate SSL at the Load Balancer. (This doesn't really tackle your specific use case though)
Use something like Hashicorp Vault as an internal CA, and use automation around this product and Kubernetes to manage certificates automatically.
Use something like cert-manager by jetstack to manage SSL in your kubernetes environment automatically. It can connect to a multitude of 'providers' such as letsencrypt for free SSL. https://github.com/jetstack/cert-manager
Hope that helps.
I bought SSL certificate from cloudflare. Now I need to activate https on my ec2 instance where I have MEAN stack application running with nginx.Also I've added cloudflare nameservers to my godaddy dns.The problem is that cloudflare didn't send me any certificates or keys, which I can attach to my nginx configs. Please tell me what is my next steps.Thanks for attention and for help.
SSL from cloudflare will terminate at Cloudflare itself. Either you can send http request from cloudflare to your ec2, or you can setup a selfsigned certificate on your ec2 and pin it at cloudflare or install letsencrypt on your ec2 for ssl.
Enduser -HTTPS-> cloudflare -HTTP-> your ec2
I have the reverse proxy load balancer and its working fine. now want to run this with ssl so how to managed the SSL certs on the backend servers ??
Means what could be the ssl entry/ssl certs for the backedn servers??
I have the following infrastructure for my artifactory web server
Artifactory Server - myMainartifactory.myCompany.com
load balancer - myLoadbalancer01.myCompany.com
load balancer - myLoadBlancer02.myCompany.com
The SSL certificate is purchased for the domain myMainArtifactory.myCompany.com that both load balancers serve.From some posts including this one, I was under the impression that I could use the same private key and certificate for the load balancers.
But when I try to ping the docker registry it says that the certificate is for myMainArtifactory.mycompany.com domain.How does this work?
I have an EC2 instance with Apache and Tomcat servers. And I want to add SSL certificates for https access. Since I am new to server technologies, can anybody help me on this? Where do I configure SSL certificates?
Setup a Elastic Load Balancer (ELB) in front of your EC2 instance you can upload ssl certs to these
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/US_UpdatingLoadBalancerSSL.html
ELB: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/gs-ec2classic.html