Examples: Creating a Certificate

Mon, 01 Jan 0001 00:00:00 +0000

To enable the operation, it is necessary to create a certificate either by Windows / Linux / Mac and share it among all the replicas of the microservice. This sharing will ensure that a request that is being processed through one instance can continue on the other.

Creating the certificate in windows

For the creation of the certificate we will use the local folder (c:\temp\ssl) and the Windows Terminal / PowerShell tool that must be initialized in administrator mode before executing the commands below.

Run the powershell command to create a new certificate

New-SelfSignedCertificate -Type Custom -Subject "CN=TokenSigningForDataProtection" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3") -KeyUsage DigitalSignature -KeyAlgorithm RSA  -KeyLength 2048 -CertStoreLocation "Cert:\LocalMachine\My"

You will have something like this:

1
2
3

Thumbprint                                Subject
----------                                -------
5C9A0067427FEE4E66D33761D04BC7F36064DA87  CN=TokenSigningForDataProtection

Copy the value of the Thumbprint and use it in the Thumbprint field and then set a new password for use in the Password field.

$cert = (Get-ChildItem -Path cert:\LocalMachine\My<Thumbprint>)
$mypwd = ConvertTo-SecureString -String “” -Force -AsPlainText

The password provided above will be used to configure the certificate in the Cluster.

Example:

$cert = (Get-ChildItem -Path cert:\LocalMachine\My\5C9A0067427FEE4E66D33761D04BC7F36064DA87)
$mypwd = ConvertTo-SecureString -String "@mypaswrodk76" -Force -AsPlainText

Run the command below using the same Thumbprint as before
Get-ChildItem -Path cert:\localMachine\my<Thumbprint> | Export-PfxCertificate -FilePath C:\temp\ssl\certificate.pfx -password $mypwd

Example:

Get-ChildItem -Path cert:\localMachine\my\5C9A0067427FEE4E66D33761D04BC7F36064DA87 | Export-PfxCertificate -FilePath C:\temp\ssl\certificate.pfx -Password $mypwd

After running this command you will have a new SSL file in the C:\temp\ssl folder and it can be copied
to a shared storage in the Kubernetes Cluster.

Verifying the validity of the previously created certificate
a) Install the package manager https://chocolatey.org
b) Open a prompt as an administrator and install OpenSSL
choco install openssl
c) Close the windows terminal and then open it again
d) Enter the folder where you generated the certificate (C:\temp\ssl)
openssl PKCS12 -clcerts -nodes -in .\certificate.pfx | openssl x509 -noout -enddate
e) Enter the password of the certificate and you will see the validity of the certificate

Next steps:
a) Create a Storage in the Cluster
b) Modify the POD deployment by mounting the volume
c) Copy the certificate to Storage
d) Modify the Devprime Security setting to inform the path of the certificate in the cluster.

To learn more:

ASP.NET Core Data Protection

Devprime | Documentation – Data Protection

Examples: Creating a Certificate

Creating the certificate in windows