Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

An important prerequisites An important prerequisite for a secure communication between the web browser (end user) and the web server is to use TLS certificate (CA or self-signed). You can secure an Ingress by specifying a TLS private key and certificate.

Following are the steps to generate TLS certificates certificates and its corresponding private key using Keystore (.jks) file.

Info

Before you perform these steps, ensure that you have the keytool (JDK) and SSL 1.1 installed on your system.

  1. Convert a JKS (.jks) keystore to a PKCS12 (.pfx) keystore by running the following command:

    Code Block
    languagenone
    keytool -importkeystore -srckeystore [MY<MY_KEYSTORE.jks]jks> -destkeystore [MY<MY_FILE.pfx]pfx> -srcstoretype JKS -deststoretype PKCS12

    The PKCS12 file format, also commonly known as PFX, is used to combine one or more digital certificates and a private key into a single file.

  2. Run the following command to create a file containing only the certificates certificates using the .p12 file.

    Code Block
    openssl pkcs12 -in [MY<MY_FILE.pfx]pfx> -nokeys -out [MY<MY_File.crt]crt>
  3. Run the following command to generate private key using the .p12 file.

    Code Block
    openssl pkcs12 -in [MY<MY_FILE.pfx]pfx> -nocerts -nodes -out [MY<MY_Private.key]key> 

You need to convert the certificate value (in MY_File.crt file) and private key value (in MY_Private.key file) to Base64 encoding to use them for the properties tlsCrt and tlsKey in the general-config.yaml file.

Run the following commands to convert the certificate and the private key to Base64 encoding respectively:

Code Block
cat <MY_File.crt> | base64 -w0 
Code Block
cat <MY_Private.key> | base64 -w0