SSL certificate for API requests or /oauth2/token endpoint

Hi Team,

Ref#1 : Home
Is it correct, and how do I add the cert /etc/ssl/cert.pem (certs/ca-certificates.crt) to Kong Gateway deployed in a Kubernetes cluster?

Ref#2 : Kong API Gateway SSL/TLS Certificates - Stack Overflow
Referring to the answer section, how do I get kong.ca-bundle & kong.key here?

I see that kong-default.crt is showing issued by/to as “localhost” in the proxy container.
cd /usr/local/kong/ssl
ls -lrt
total 36
-rw------- 1 kong nogroup 1704 Sep 25 07:43 kong-default.key
-rw-r--r-- 1 kong nogroup 1367 Sep 25 07:43 kong-default.crt
-rw------- 1 kong nogroup 241 Sep 25 07:43 kong-default-ecdsa.key
-rw-r--r-- 1 kong nogroup 826 Sep 25 07:43 kong-default-ecdsa.crt
-rw-r--r-- 1 kong nogroup 428 Sep 25 07:43 ffdhe2048.pem
-rw------- 1 kong nogroup 1708 Sep 25 07:43 admin-kong-default.key
-rw-r--r-- 1 kong nogroup 1363 Sep 25 07:43 admin-kong-default.crt
-rw------- 1 kong nogroup 241 Sep 25 07:43 admin-kong-default-ecdsa.key
-rw-r--r-- 1 kong nogroup 830 Sep 25 07:43 admin-kong-default-ecdsa.crt

Please share some pointers on this.

You can add CA certificates to the filesystem using a volume mount and can then set KONG_LUA_SSL_TRUSTED_CERTIFICATE in your environment. You’ll want to keep system in that list to trust standard public CAs.

The localhost certificate is the default if you do not provide your own default certificate, though you do not need one if you configure Ingresses with their own certificates.

Most routes should use certificates configured through their Ingress, which is the rough equivalent of the StackOverflow answer.
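
The setup described in the reply above, sketched as Kubernetes manifests. This is an added example, not part of the original thread or Kong's own configuration. The names `internal-ca`, `kong`, `example-api`, `example-api-tls`, `api.example.com` and the mount path `/etc/kong/ca` are assumptions, and the second document is a fragment to merge into your existing Kong Deployment rather than a full manifest.

```yaml
# All resource names, hostnames and paths below are assumptions for illustration.
# 1. CA bundle as a ConfigMap (CA certificates are public; private keys never go here).
apiVersion: v1
kind: ConfigMap
metadata:
  name: internal-ca
  namespace: kong
data:
  internal-ca.crt: |
    -----BEGIN CERTIFICATE-----
    <placeholder: PEM body of the CA that signed your upstream / token endpoint>
    -----END CERTIFICATE-----
---
# 2. Fragment for the Kong Deployment: mount the bundle, trust it alongside system CAs.
spec:
  template:
    spec:
      volumes:
        - name: internal-ca
          configMap:
            name: internal-ca
      containers:
        - name: proxy
          env:
            - name: KONG_LUA_SSL_TRUSTED_CERTIFICATE
              value: "system,/etc/kong/ca/internal-ca.crt"  # keep "system" for public CAs
          volumeMounts:
            - name: internal-ca
              mountPath: /etc/kong/ca
              readOnly: true
---
# 3. Per-route serving certificate through the Ingress instead of kong-default.crt.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-api
spec:
  ingressClassName: kong
  tls:
    - hosts: [api.example.com]
      secretName: example-api-tls  # kubernetes.io/tls Secret holding tls.crt and tls.key
  rules:
    - host: api.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: {name: example-api, port: {number: 80}}
```

Requests for hosts without a matching Ingress certificate still receive the self-signed `localhost` default, so a client that sees that certificate is a sign the hostname or SNI does not match any configured Ingress.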

Thanks for the info…