Is it possible to have TLS enabled but serve the CRL with plain HTTP?
I’m using the Vault PKI engine as the certificate authority for my Kubernetes clusters, and the Vault TLS certificate is also signed by the Vault CA.
The service is exposed by a LoadBalancer-type Service on port 8200 with TLS enabled.
Because the Vault TLS certificate is signed by the same CA, I’d like to distribute the CRL with plain HTTP. But once I do that I get the error message:
Client sent an HTTP request to an HTTPS server.
I’m thinking about creating an nginx pod that serves the CRL, or creating an ingress that only allows the CRL path with plain HTTP. But are there any better options?
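
The nginx option mentioned above could look like the following sketch, which is an added example and not part of the original post: a plain-HTTP listener that forwards only the PKI engine's unauthenticated CRL endpoints to Vault over verified TLS and refuses everything else. The mount name `pki`, the upstream hostname `vault.example.internal` and the CA bundle path are assumptions to adjust for your deployment.

```nginx
# Fragment for the http context, e.g. /etc/nginx/conf.d/crl.conf (assumed path).
server {
    listen 80;
    server_name _;

    # Only the CRL endpoints of the PKI mount are reachable over plain HTTP.
    # /v1/pki/crl returns DER, /v1/pki/crl/pem returns PEM.
    # "pki" is an assumed mount name.
    location ~ ^/v1/pki/crl(/pem)?$ {
        # Read-only: reject anything that is not GET/HEAD.
        limit_except GET {
            deny all;
        }

        # Upstream leg stays on TLS and is verified against the Vault CA.
        # Hostname and CA file location are assumptions.
        proxy_pass                    https://vault.example.internal:8200;
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/vault-ca.pem;
        proxy_ssl_server_name         on;

        # Do not forward client-supplied Vault credentials to the upstream.
        proxy_set_header X-Vault-Token "";
        proxy_set_header Authorization "";
    }

    # Every other Vault path is refused on the plaintext listener,
    # so tokens and secrets never travel unencrypted.
    location / {
        return 404;
    }
}
```

The CRL itself is signed by the issuing CA, so clients can validate it regardless of the transport; the allow-list matters because it keeps the rest of the Vault API off the unencrypted port.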