How to Fix the “certificate signed by unknown authority” error in Kubernetes?
While I was completing this post, I ran across the SSL problem
The whole error message is as follows:
Error from server (InternalError): Internal error occurred: failed calling webhook "xxx": failed to call webhook:
Post "https://xxx.default.svc:443/?timeout=5s": tls: failed to verify certificate:
x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error"
while trying to verify candidate authority certificate "xxx.default.svc")
This error will be raised by Kubernetes if your SSL/TLS certificate is created without a subjectAltName.
An example of a wrong command:
openssl req -subj '/CN=abc.default.svc' -x509 -newkey rsa:4096 -nodes -keyout key.pem -out cert.pem -days 365
This is how you should generate your key and certificate, with a subjectAltName that matches the service DNS name:
openssl req -subj '/CN=abc.default.svc' -addext "subjectAltName = DNS:abc.default.svc" -x509 -newkey rsa:4096 -nodes -keyout key.pem -out cert.pem -days 365