The default API server certificate is issued by an internal {product-title} cluster CA. Clients outside of the cluster will not be able to verify the API server’s certificate by default. This certificate can be replaced by one that is issued by a CA that clients trust.
|
Note
|
In hosted control plane clusters, you cannot replace self-signed certificates from the API. |