An important prerequisites prerequisite for a secure communication between the web browser (end user) and the web server is to use TLS certificate (CA or self-signed). You can secure an Ingress by specifying a TLS private key and certificate.
Following are the steps to generate TLS certificates and its corresponding private key using Keystore (.jks) file.
| Info |
|---|
Before you perform these steps, ensure that you have the keytool (JDK) and SSL 1.1 installed on your system. |
Convert a JKS (.jks) keystore to a PKCS12 (.pfx) keystore by running the following command:
Code Block keytool -importkeystore -srckeystore [MY_KEYSTORE.jks] -destkeystore [MY_FILE.pfx] -srcstoretype JKS -deststoretype PKCS12
The PKCS12 file format, also commonly known as PFX, is used to combine one or more digital certificates and a private key into a single file.
Run the following command to create a file containing only the certificates using the .p12 file.
Code Block openssl pkcs12 -in [MY_FILE.pfx] -nokeys -out [MY_File.crt]
Run the following command to generate private key using the .p12 file.
Code Block openssl pkcs12 -in [MY_FILE.pfx] -nocerts -nodes -out [MY_Private.key]
You need to convert the certificate value (in MY_File.crt file) and private key value (in MY_Private.key file) to Base64 encoding to use them for the properties tlsCrt and tlsKey in the general-config.yaml file.
Run the following commands to convert the certificate and the private key to Base64 encoding respectively:
Code Block cat MY_File.crt | base64 -w0Code Block cat MY_Private.key | base64 -w0