Using Custom Certificates in Ingress
Protegrity Anonymization API uses certificates for secure communication with the client. You can use the certificates provided by Protegrity or use your own certificates. Complete the configurations provided in this section to use your custom certificates with the Ingress Controller.
Ensure that the certificates and keys are in the .pem format.
Note: Skip the steps provided in this section if you want to use the default Protegrity certificates for the Protegrity Anonymization API.
Log in to the Base Machine where Ingress is configured and open a command prompt.
Copy your certificates to the Base Machine.
Note: Verify the certificates using the commands provided in the section Working with Certificates.
Create a Kubernetes secret for the server certificate using the following command. The namespace must be the one where the Protegrity Anonymization API application is to be deployed.
    kubectl create secret --namespace <namespace-name> generic <secret-name> --from-file=tls.crt=<path_to_certificate>/<certificate-name> --from-file=tls.key=<path_to_certificate>/<certificate-key>
For example,
    kubectl create secret --namespace anon-ns generic anon-protegrity-tls --from-file=tls.crt=/tmp/cust_cert/anon-server-cert.pem --from-file=tls.key=/tmp/cust_cert/anon-server-key.pem
Create a Kubernetes secret for the CA certificate using the following command. The namespace must be the one where the Protegrity Anonymization API application is to be deployed.
    kubectl create secret --namespace <namespace-name> generic <secret-name> --from-file=ca.crt=<path_to_certificate>/<certificate-name>
For example,
    kubectl create secret --namespace anon-ns generic ca-protegrity --from-file=ca.crt=/tmp/cust_cert/anon-ca-cert.pem
Open the values.yaml file.
Add the following host and secret code for the Ingress configuration at the end of the values.yaml file.
    ## Refer section in documentation for setting up and configuring NGINX-INGRESS before deploying the application.
    ingress:
      ## Add host section with the hostname used as CN while creating server certificates.
      ## While creating the certificates you can use *.protegrity.com as CN and SAN used in below example
      host: anon.protegrity.com # Update the host according to your server certificates.
      ## To terminate TLS on the Ingress Controller Load Balancer.
      ## K8s TLS Secret containing the certificate and key must also be provided.
      secret: anon-protegrity-tls # Update the secretName according to your secretName.
      ## To validate the client certificate with the above server certificate
      ## Create the secret of the CA certificate used to sign both the server and client certificate as shown in example below
      ca_secret: ca-protegrity # Update the ca-secretName according to your secretName.
      ingress_class: nginx-anon
Note: Ensure that you replace the host, secret, and ca_secret attributes in the values.yaml file with the values as per your certificate.
For more information about using custom certificates, refer to Updating the Configuration Files.
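A pre-flight check for the files and the host value used in the steps above, as an added example that is not part of the Protegrity documentation. The function name check_ingress_certs and its exit codes are assumptions; it uses standard openssl commands, not the ones from the section Working with Certificates.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks to run before `kubectl create secret`.
# The function name and exit codes are assumptions, not Protegrity tooling.

# Usage: check_ingress_certs <server-cert.pem> <server-key.pem> <ca-cert.pem> <host>
# Returns 0 if every check passes, otherwise the number of the failed check.
check_ingress_certs() {
  local cert="$1" key="$2" ca="$3" host="$4" cert_pub key_pub

  # 1. Every file must parse as PEM. "-passin pass:" makes an encrypted key
  #    fail here instead of prompting for a passphrase.
  openssl x509 -in "$cert" -noout 2>/dev/null &&
    openssl x509 -in "$ca" -noout 2>/dev/null &&
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
    { echo "FAIL 1: certificate or key is not readable, unencrypted PEM" >&2; return 1; }

  # 2. tls.key must be the private key of tls.crt: compare the public keys.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "FAIL 2: private key does not match the server certificate" >&2; return 2; }

  # 3. The server certificate must chain to the CA stored in ca_secret.
  #    This also fails for an expired or not-yet-valid certificate.
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
    { echo "FAIL 3: server certificate does not verify against the CA" >&2; return 3; }

  # 4. The ingress host in values.yaml must match the certificate's SAN or CN
  #    (wildcards such as *.protegrity.com are honoured by -checkhost).
  openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match" ||
    { echo "FAIL 4: certificate is not valid for host $host" >&2; return 4; }

  echo "OK: $cert, $key and $ca are consistent for host $host"
}

# Example call with the paths and host from this page:
# check_ingress_certs /tmp/cust_cert/anon-server-cert.pem \
#   /tmp/cust_cert/anon-server-key.pem /tmp/cust_cert/anon-ca-cert.pem \
#   anon.protegrity.com
```

A non-zero return identifies which input to fix before the secrets are created, so a mismatched key or wrong CA is caught before the Ingress Controller loads it.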