Created
September 30, 2022 17:38
-
-
Save ospatil/1a24f5eedcc0368483c128a61cbc2f98 to your computer and use it in GitHub Desktop.
Extract private key and cert from pfx file using openssl and create Kubernetes TLS secret
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # extract cert from pfx file (pkcs#12 format - includes root chain with "End Entity First" chain order and private key) | |
| # will need cert password | |
| openssl pkcs12 -in <CERT_FILE>.pfx -nodes -nokeys -nomac -out domain.crt | |
| # extract encrypted private key | |
| openssl pkcs12 -in <CERT_FILE>.pfx -nocerts -out domain.enc.key | |
| # get unencrypted private key | |
| openssl rsa -in domain.enc.key -outform PEM -out domain.key | |
| # view the cert details | |
| openssl x509 -text -noout -in domain.crt | |
| # create kubernetes TLS secret yaml | |
| kubectl create secret tls <SECRET_NAME> \ | |
| -n <NAMESPACE> \ | |
| --key=domain.key \ | |
| --cert=domain.crt \ | |
| --output=yaml \ | |
| --dry-run=client > tls-cert-secret.yaml |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment