I am trying to proxy a request to HTTPS upstream via kong. How can I configure the upstream certificate into kong.
Then configure your Service with
protocol = https, as documented in the Admin API reference: https://docs.konghq.com/1.0.x/admin-api/#add-service
Note that specifying
url=https://... during the creation of the Service is a shorthand notation that will have the same result.
You do not need to configure anything else if you want a regular server-side TLS encryption, as the client (Kong) will request the upstream’s certificate during the TLS handshake. However if by that you meant configuring a client certificate for Kong to establish mutual TLS with the upstream, then be aware that Kong does not yet support configuring dynamic mTLS in its Gateway deployment. You’ll have to develop a custom plugin or define a custom Nginx template for the moment.
Thanks Thibault, it worked.