SSL Error: Unable to verify the first certificate

Question

I have the ssl certificate zip file and the privatekey.key file. In total I have the certificate file .crt and another .crt with the name bundle.crt and a .pem file along with the private key with an extension .key.

Now I am trying to use it to create a secret in istio using these files. I am able to create a secret with these files (thecertificate.cert and the privatekey.key and not using the .pem and bundle.cert file) but then when I use in my istio ingress gateway configuration and test it, I get an error on Postman:

SSL Error: Unable to verify the first certificate.

Here are the details:

# kubectl create -n istio-system secret tls dibbler-certificate --key=privatekey.key --cert=thecertificate.crt

# kubectl get secrets -n istio-system

output: dibbler-certificate

gateway:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: dibbler-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      # serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
      # privateKey: /etc/istio/ingressgateway-certs/tls.key
      credentialName: dibbler-certificate
    hosts:
    - "test.ht.io" # domain name goes here

Any help is appreciated. Thanks

Answer 1

Your config files looks good. I have found very similar problem on discuss.istio.io. The problem is resolved by following:

Two servers was an error too but the important thing is I had to concatenate the godaddy ssl certificate.crt & the bundle.crt and then used the private key to create a secret. Now it’s workng fine.

You can also see this postman page.