Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

An important prerequisites for a secure communication between the web browser (end user) and the web server is to use TLS certificate (CA or self-signed). You can secure an Ingress by specifying a TLS private key and certificate.

Following are the steps to generate TLS certificates and its corresponding private key using Keystore (.jks) file.

  1. Convert a JKS (.jks) keystore to a PKCS12 (.pfx) keystore by running the following command:

    keytool -importkeystore -srckeystore [MY_KEYSTORE.jks] -destkeystore [MY_FILE.pfx] -srcstoretype JKS -deststoretype PKCS12

    The PKCS12 file format, also commonly known as PFX, is used to combine one or more digital certificates and a private key into a single file.

  2. Run the following command to create a file containing only the certificates using the .p12 file.

    openssl pkcs12 -in [MY_FILE.pfx] -nokeys -out [MY_File.crt]
  3. Run the following command to generate private key using the .p12 file.

    openssl pkcs12 -in [MY_FILE.pfx] -nocerts -nodes -out [MY_Private.key] 

You need to convert the certificate value (in MY_File.crt file) and private key value (in MY_Private.key file) to Base64 encoding to use them for the properties tlsCrt and tlsKey in the general-config.yaml file.

  • No labels