How Do I Obtain a TLS Key Certificate?
Scenario
If your ingress needs to use HTTPS, you must configure a secret of the IngressTLS or kubernetes.io/tls type when creating an ingress.
The following shows how to create an IngressTLS key certificate.

When creating a secret, ensure that the certificate file uploaded in the secret data must match the private key file. Otherwise, the certificate file becomes invalid.
Solution
Generally, you need to obtain a valid certificate from the certificate provider. If you want to use it in the test environment, you can create a certificate and private key by the performing the following steps.

Self-created certificates apply only to test scenarios. Such certificates are invalid and will affect browser access. Manually upload a valid one to ensure secure connections.
- Generate a tls.key.
openssl genrsa -out tls.key 2048
The command will generate a private tls.key in the directory where the command is executed.
- Generate a certificate using the private tls.key.
openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=******/O=Devops/CN=example.com -days 3650
The generated key must be in the following format:
----BEGIN RSA PRIVATE KEY----- ........................................................... -----END RSA PRIVATE KEY-----
The generated certificate must be in the following format:
-----BEGIN CERTIFICATE----- ................................................................ -----END CERTIFICATE-----
- Import the certificate.
When creating a TLS secret, import the certificate and private key file to the corresponding location.
Verification
The ingress address can be accessed through a browser. However, the certificate and secret are not issued by the CA, so the CA does not recognize them and shows a message saying they are insecure.

Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot