Extracting TLS certificate and key

An important prerequisite for secure communication between the web browser (end user) and the web server is the use of a TLS certificate (CA-signed or self-signed). You can secure an Ingress by specifying a TLS private key and certificate.

Use the following steps to extract a TLS certificate and its corresponding private key from a keystore (.jks) file.

Before you perform these steps, ensure that you have the keytool (JDK) and SSL 1.1 installed on your system.

  1. Convert a JKS (.jks) keystore to a PKCS12 (.pfx) keystore by running the following command:

    keytool -importkeystore -srckeystore <MY_KEYSTORE.jks> -destkeystore <MY_FILE.pfx> -srcstoretype JKS -deststoretype PKCS12

    The PKCS12 file format, also commonly known as PFX, is used to combine one or more digital certificates and a private key into a single file.

  2. Run the following command to create a file containing only the certificates from the PKCS12 (.pfx) file:

    openssl pkcs12 -in <MY_FILE.pfx> -nokeys -out <MY_File.crt>

  3. Run the following command to extract the private key from the PKCS12 (.pfx) file:

    openssl pkcs12 -in <MY_FILE.pfx> -nocerts -nodes -out <MY_Private.key>

You need to convert the certificate value (in the MY_File.crt file) and the private key value (in the MY_Private.key file) to Base64 encoding to use them for the tlsCrt and tlsKey properties in the general-config.yaml file.

Run the following commands to convert the certificate and the private key to Base64 encoding respectively:
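An added example, not taken from the original documentation, of one way to do this encoding in a POSIX shell: it drops the "Bag Attributes" text that openssl pkcs12 writes around each PEM block, checks that the certificate and private key belong together, and writes the two single-line Base64 values to a file. The function names, the script name and the flat tlsCrt:/tlsKey: output layout are assumptions; place the values wherever general-config.yaml expects them.

```shell
#!/bin/sh
# Added example: Base64-encode the files from steps 2 and 3 for tlsCrt / tlsKey.
# Function names and the flat "tlsCrt:/tlsKey:" output layout are assumptions.

# Print only the PEM blocks of FILE. "openssl pkcs12" prefixes each block with
# human-readable "Bag Attributes" text that does not belong in the encoded value.
pem_only() {
  awk '/^-----BEGIN /,/^-----END /' "$1"
}

# Base64-encode the PEM content of FILE as one unwrapped line (YAML-friendly).
b64_oneline() {
  pem_only "$1" | base64 | tr -d '\n'
}

# Succeed only if the (first) certificate in CRT carries the public key that
# belongs to the private key in KEY. Returns 2 if either file cannot be parsed.
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout) || return 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Write both encoded values to OUT, refusing a mismatched pair.
# umask 077 keeps a newly created OUT readable by the current user only.
emit_tls_values() {
  cert_matches_key "$1" "$2" || {
    echo "certificate and private key do not match" >&2
    return 1
  }
  (
    umask 077
    {
      printf 'tlsCrt: %s\n' "$(b64_oneline "$1")"
      printf 'tlsKey: %s\n' "$(b64_oneline "$2")"
    } > "$3"
  )
}

# Usage: sh encode-tls.sh <MY_File.crt> <MY_Private.key> <OUT_FILE>
if [ "$#" -eq 3 ]; then
  emit_tls_values "$1" "$2" "$3"
fi
```

Because step 3 uses -nodes, MY_Private.key holds the private key unencrypted, and Base64 is an encoding, not encryption. Restrict access to both the key file and the output file, and delete them once the values are in place.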
