self-signed Kubernetes certificate for cluster - ignore certificate validation

rswarnka — Wed, 09 Jun 2021 12:12:02 GMT

Hi there, To make cluster connect with Kubernetes, I'm trying to import the public certificate to trust stores in AGs. But I keep getting below error:

PS E:\Program Files\dynatrace\gateway\jre\bin> ./keytool.exe -import -file "E:/cert/aks-prod.pem" -alias aksweuprod -keystore "C:/ProgramData/dynatrace/gateway/ssl/trusted.jks"
Enter keystore password: 
keytool error: java.lang.Exception: Input not an X.509 certificate

Got to know that kubernete's certificate is self-signed hence the reason.

What is the security impact of disabling the certificate validation (referring to screenshot)?

Re: self-signed Kubernetes certificate for cluster - ignore certificate validation

ChadTurner — Mon, 01 Feb 2021 15:07:14 GMT

FYI this will be a requirement in the near future, Id you can always enable it but then set it to false in the config file as well. But id reach out to support to double check on this and the impacts of it turned on/off

topic Re: self-signed Kubernetes certificate for cluster - ignore certificate validation in Container platforms

self-signed Kubernetes certificate for cluster - ignore certificate validation

Re: self-signed Kubernetes certificate for cluster - ignore certificate validation