Post-Install

Add Ingress Certificate to Trust Store

Manifest generates a self-signed CA certificate for the web ingress. To avoid browser security warnings, you must export and trust this certificate on client machines.

Export the CA Certificate

kubectl get secret -n cert-manager mfst-ca-tls -o jsonpath='{.data.ca\.crt}' | base64 -d > manifest-ca.crt

Trust the Certificate

macOS

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain manifest-ca.crt

Linux (Ubuntu/Debian)

sudo cp manifest-ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates

Linux (RHEL/CentOS)

sudo cp manifest-ca.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust

Windows (PowerShell as Administrator)

Import-Certificate -FilePath manifest-ca.crt -CertStoreLocation Cert:\LocalMachine\Root

Use a Custom Ingress Certificate

Detailed instructions coming soon.

Related Documentation

Configuration Reference - Host and OIDC configuration options
Troubleshooting - Common issues and solutions

Updated 5 days ago