I’ve been trying to implement TLS in our Linkerd deployment for a while now. We originally had certificates that were generated by Vault. We found that our keys were being created in the PKCS#1 format, which was an issue but fairly easy to switch. Now we find that our valid certificates have the X509v3 extension section, which will not work with Linkerd, whereas the Linkerd sample certs do not have it.
I was able to create certificates through the tutorial on Buoyant’s website; however, openssl couldn’t sign them for some reason, so I am looking into getting that working to provide some insight. Can anyone let me know why the Linkerd TLS doesn’t seem to work with the X509v3 section in certs?
UPDATE: Linkerd works with OpenSSL-generated SHA256 certs but not SHA512 certs. See issue #1861 on GitHub.