EKS Public API Server certificate's CA signer

Hi experts,

I have been trying to create an EKS cluster with EKS' Public API Server. I noticed that the public API server's certificate is signed with a self-signed certificate, which causes some problems when accessed from an on-site proxy: the proxy does not allow this self-signed certificate and requires a "known" CA signer. The question is whether there is an option to control the signer of the private API server certificate, preferably not using a self-signed certificate but rather a certificate signed by a known and trusted CA.

UPDATE: Please ignore this question. I think the problem is in the container returning zero. Thanks!

asked 2 years ago · 1.8K views
1 Answer
Hello,

You can check this blog post from AWS; it allows you to generate a Private Certificate Authority (PCA) with AWS Certificate Manager: https://aws.amazon.com/blogs/containers/managing-access-to-amazon-elastic-kubernetes-service-clusters-with-x-509-certificates/

EXPERT
answered 2 years ago
  • Hi, that's not what I need. I am looking for a way to have the EKS Public API Server's certificate signed with a "known" CA (like AWS' CA), as it seems that by default the API server's certificate is a self-signed certificate, which is very annoying for access via a forward proxy (it blocks access to sites with self-signed certificates). Is there any way to force the API Server to use another CA?
