NoServerCertificateVerificationPortLevel

    1. apiVersion: networking.istio.io/v1alpha3
    2. kind: DestinationRule
    3. metadata:
    4.   name: db-tls
    6.   trafficPolicy:
    7.     portLevelSettings:
    8.       - port:
    9.           number: 443
    10.         tls:
    11.           clientCertificate: /etc/certs/myclientcert.pem
    12.           privateKey: /etc/certs/client_private_key.pem
    13.           sni: my-nginx.mesh-external.svc.cluster.local
    14.           # caCertificates not set

    How to resolve

    • Supply the filename of a CA certificate
    • Change the traffic policy so that a certificate is not needed