ingress-nginx-helm/docs/examples/auth/client-certs/README.md

# Client Certificate Authentication
It is possible to enable Client Certificate Authentication using additional annotations in Ingress resources, created by you.

## Setup Instructions
1. Create a file named `ca.crt` containing the trusted certificate authority chain to verify client certificates. All of the certificates must be in PEM format.  
   *NB:* The file containing the trusted certificates must be named `ca.crt` exactly - this is expected to be found in the secret.

2. Create a secret from this file:  
`kubectl create secret generic auth-tls-chain --from-file=ca.crt --namespace=default`

3. Add the annotations as provided in the [ingress.yaml](ingress.yaml) example to your own ingress resources as required.
Updates and extends client cert documentation (#2105) Updates and extends the documentation about enabling client certificate authentication. 2018-02-16 15:17:29 +00:00			`# Client Certificate Authentication`
Add some extra detail to the client cert auth example Multiple people within my work organisation were caught out by the fact that the trusted client cert issuers must be given in a file named `ca.crt` and that other filenames will fail to work. This change makes it more clear to those who stumble across the documentation that this is a potential gotcha. 2018-10-09 21:10:56 +00:00			`It is possible to enable Client Certificate Authentication using additional annotations in Ingress resources, created by you.`
Updates and extends client cert documentation (#2105) Updates and extends the documentation about enabling client certificate authentication. 2018-02-16 15:17:29 +00:00
Add some extra detail to the client cert auth example Multiple people within my work organisation were caught out by the fact that the trusted client cert issuers must be given in a file named `ca.crt` and that other filenames will fail to work. This change makes it more clear to those who stumble across the documentation that this is a potential gotcha. 2018-10-09 21:10:56 +00:00			`## Setup Instructions`
			1. Create a file named `ca.crt` containing the trusted certificate authority chain to verify client certificates. All of the certificates must be in PEM format.
			NB: The file containing the trusted certificates must be named `ca.crt` exactly - this is expected to be found in the secret.
Updates and extends client cert documentation (#2105) Updates and extends the documentation about enabling client certificate authentication. 2018-02-16 15:17:29 +00:00
Add some extra detail to the client cert auth example Multiple people within my work organisation were caught out by the fact that the trusted client cert issuers must be given in a file named `ca.crt` and that other filenames will fail to work. This change makes it more clear to those who stumble across the documentation that this is a potential gotcha. 2018-10-09 21:10:56 +00:00			`2. Create a secret from this file:`
Updates and extends client cert documentation (#2105) Updates and extends the documentation about enabling client certificate authentication. 2018-02-16 15:17:29 +00:00			`kubectl create secret generic auth-tls-chain --from-file=ca.crt --namespace=default`

Add some extra detail to the client cert auth example Multiple people within my work organisation were caught out by the fact that the trusted client cert issuers must be given in a file named `ca.crt` and that other filenames will fail to work. This change makes it more clear to those who stumble across the documentation that this is a potential gotcha. 2018-10-09 21:10:56 +00:00			`3. Add the annotations as provided in the [ingress.yaml](ingress.yaml) example to your own ingress resources as required.`