An important prerequisites for a secure communication between the web browser (end user) and the web server is to use TLS certificate (CA or self-signed). You can secure an Ingress by specifying a TLS private key and certificate.
Following are the steps to generate TLS certificates and its corresponding private key using Keystore (.jks) file.
Convert a JKS (.jks) keystore to a PKCS12 (.pfx) keystore by running the following command:
Code Block keytool -importkeystore -srckeystore [MY_KEYSTORE.jks] -destkeystore [MY_FILE.pfx] -srcstoretype JKS -deststoretype PKCS12The PKCS12 file format, also commonly known as PFX, is used to combine one or more digital certificates and a private key into a single file.
Run the following command to create a file containing only the certificates using the .p12 file.
Code Block openssl pkcs12 -in [MY_FILE.pfx] -nokeys -out [MY_File.crt]Run the following command to generate private key using the .p12 file.
Code Block openssl pkcs12 -in [MY_FILE.pfx] -nocerts -nodes -out [MY_Private.key]
You need to convert the certificate value (in MY_File.crt file) and private key value (in MY_Private.key file) to Base64 encoding to use them for the properties tlsCrt and tlsKey in the general-config.yaml file.