Extract the Ingress CA or Server Certificate

  1. Determine the provider of the server certificate:
    Log into the cluster node and examine /var/appd/globals.yaml.gotmpl. If the value of ingress.defaultCert is true, this indicates that the On-Premises Virtual Appliance provided the CA and a server certificate. Otherwise, you provided a custom TLS certificate.
    Note: The upgrade process sets ingress.defaultCert to false.
  2. If the On-Premises Virtual Appliance provided the CA certificate, run this command to extract a copy of it:
    kubectl get secret ingress-cert-secret \
-n ingress-master \
-o jsonpath="{.data.ca\.crt}" | base64 --decode > ca.crt
  3. If you provided a custom TLS certificate, run this command to extract a copy of it:
    kubectl get secret custom-ingress-secret \
-n ingress-master \
-o jsonpath="{.data.tls\.crt}" | base64 --decode > certificate.crt