ssl-config icon indicating copy to clipboard operation
ssl-config copied to clipboard
verified publisher icon lightbend

KeyStore generation from certificate and private key

Open Sebruck opened this issue 6 years ago • 5 comments

Hi

as far as I have seen it is currently only possible to provide a keystore to ssl-config.

It would be great to be able to provide paths to a certificate and private key and ssl-config generates the keystore for me. So far we do this in our code:

      val ks = KeyStore.getInstance("PKCS12")
      ks.load(null, null)
      ks.setKeyEntry("1", privateKey, password, Seq(certificate).toArray)

what do you think?

Sebruck avatar Oct 22 '19 07:10 Sebruck

Possible duplicate of https://github.com/lightbend/ssl-config/issues/151

we run on kubernetes but get only priv key + certificate in our pods

Sebruck avatar Oct 22 '19 07:10 Sebruck

SSL config only does configuration. You can use https://github.com/tersesystems/securitybuilder to generate the keystore.

wsargent avatar Oct 26 '19 12:10 wsargent

@wsargent the idea is to not do it programmatically but just via configuration and this library takes care.

Sebruck avatar Oct 30 '19 08:10 Sebruck

@Sebruck Certificate and keystore generation is not a part of JSSE or TLS. That would still be a distinct project working with CertPath and JCA APIs.

wsargent avatar Nov 06 '19 16:11 wsargent

In the past I've used CFSSL and sample-cfssl-ca to do this -- see https://tersesystems.com/blog/2018/07/28/building-java-keystores/ for more details.

wsargent avatar Nov 06 '19 16:11 wsargent