k8s icon indicating copy to clipboard operation
k8s copied to clipboard

Published 20 hours ago verified publisher icon cockroachdb

Is the --also-generate-pkcs8-key option available for this app?

Open mmosttler opened this issue 5 years ago • 3 comments

I believe that for my java app running in kubernetes I need a pkcs8 formatted key. Is --also-generate-pkcs8-key argument available for this request certificate job?

https://www.cockroachlabs.com/docs/v19.1/create-security-certificates.html#general

mmosttler avatar May 22 '19 20:05 mmosttler

cc @mberhault

kannanlakshmi avatar May 23 '19 13:05 kannanlakshmi

Unfortunately not. Until it is, you can convert the key using openssl after the request-cert job has finished running. Specifically:

openssl pkcs8 -topk8 -inform PEM -outform DER -in client.maxroach.key -out client.maxroach.pk8 -nocrypt

mberhault avatar May 23 '19 13:05 mberhault

I was able to use the openssl temporarily. To do so I had to add an additional initContainer to my pod to run the openssl command on the acquired certificates. The reason i had to use an additional init container was that the request cert init container does not include openssl. So for this workaround I used the cockroach (client?) container image.

Is there a timeline for getting the pkcs8 param added to the request-cert?

mmosttler avatar May 24 '19 01:05 mmosttler