An important prerequisite for a secure communication between the web browser (end user) and the web server is to use TLS certificate (CA or self-signed). You can secure an Ingress by specifying a TLS private key and certificate.
Following are the steps to generate TLS certificates and its corresponding private key using Keystore (.jks) file.
| Info |
|---|
Before you perform these steps, ensure that you have the keytool (JDK) and SSL 1.1 installed on your system. |
Convert a JKS (.jks) keystore to a PKCS12 (.pfx) keystore by running the following command:
Code Block language none keytool -importkeystore -srckeystore <MY_KEYSTORE.jks> -destkeystore <MY_FILE.pfx> -srcstoretype JKS -deststoretype PKCS12The PKCS12 file format, also commonly known as PFX, is used to combine one or more digital certificates and a private key into a single file.
Run the following command to create a file containing only the certificates using the .p12 file.
Code Block openssl pkcs12 -in <MY_FILE.pfx> -nokeys -out <MY_File.crt>Run the following command to generate private key using the .p12 file.
Code Block openssl pkcs12 -in <MY_FILE.pfx> -nocerts -nodes -out <MY_Private.key>
You need to convert the certificate value (in MY_File.crt file) and private key value (in MY_Private.key file) to Base64 encoding to use them for the properties tlsCrt and tlsKey in the general-config.yaml file.
Run the following commands to convert the certificate and the private key to Base64 encoding respectively:
| Code Block |
|---|
cat <MY_File.crt> | base64 -w0 |
| Code Block |
|---|
cat <MY_Private.key> | base64 -w0 |