@InfoSec812
Last active May 6, 2023 02:22
Configuring OpenShift Service Mesh 2.3 To Trust A JSON Web Key Set Certificate
  1. Retrieve the JSON Web Key Set using the JWKS URI
    • For example, for Keycloak it would be `https://<keycloak server>/auth/realms/<realm>/protocol/openid-connect/certs`
  2. From the JSON body you can extract the CA Certificate
    • If you are using jq you can extract the CA certificate with the jq filter `.keys[0].x5c[0]`
    • `curl https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/certs | jq -r ".keys[0].x5c[0]"`
  3. In the ServiceMeshControlPlane custom resource, add the CA Certificate as shown below:

```yaml
apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
metadata:
  name: basic
  namespace: istio-system
spec:
  security:
    jwksResolverCA: |-
      -----BEGIN CERTIFICATE-----
      REDACTED
      -----END CERTIFICATE-----
```
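An added example, not part of the gist or of the Maistra project: the `x5c[0]` value that jq prints is base64 DER without PEM armor (RFC 7517), so this script converts it into the PEM block that `jwksResolverCA` expects and renders the step 3 fragment. The JWKS document is a constructed sample whose `x5c` entry is a placeholder DER blob, not a real certificate.

```python
"""Extract the first x5c certificate from a JWKS document and render it as
the jwksResolverCA value of a ServiceMeshControlPlane. Example code added to
this gist; it is not code from Red Hat or the Istio/Maistra project."""
import base64
import json
import textwrap

# Constructed sample JWKS: the x5c entry is base64 DER of a placeholder
# SEQUENCE (not a real certificate) so the conversion can run offline.
SAMPLE_JWKS = json.dumps({
    "keys": [{
        "kid": "example-kid", "kty": "RSA", "alg": "RS256", "use": "sig",
        "x5c": [base64.b64encode(b"\x30\x03\x02\x01\x01").decode()],
    }]
})


def x5c_to_pem(x5c_entry: str) -> str:
    """RFC 7517: x5c entries are base64 DER with no PEM header and no line
    breaks. Decode to validate, then re-wrap at 64 columns with PEM armor."""
    der = base64.b64decode(x5c_entry, validate=True)
    if not der or der[0] != 0x30:  # a DER X.509 certificate starts with a SEQUENCE tag
        raise ValueError("x5c entry is not DER-encoded")
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----"


def jwks_ca_pem(jwks_json: str, index: int = 0) -> str:
    """Same selection as `jq -r '.keys[0].x5c[0]'`, with explicit errors."""
    keys = json.loads(jwks_json).get("keys", [])
    if len(keys) <= index or not keys[index].get("x5c"):
        raise ValueError("JWKS key carries no x5c chain; obtain the CA another way")
    return x5c_to_pem(keys[index]["x5c"][0])


def smcp_yaml(pem: str, name: str = "basic", namespace: str = "istio-system") -> str:
    """Render the ServiceMeshControlPlane fragment with the PEM as a block scalar."""
    indented = textwrap.indent(pem, " " * 6)
    return (
        "apiVersion: maistra.io/v2\n"
        "kind: ServiceMeshControlPlane\n"
        f"metadata:\n  name: {name}\n  namespace: {namespace}\n"
        "spec:\n  security:\n    jwksResolverCA: |-\n"
        f"{indented}\n"
    )


if __name__ == "__main__":
    print(smcp_yaml(jwks_ca_pem(SAMPLE_JWKS)))
```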