genCert | Utility to generate a TLS Certificate | TLS library

After some frustrations, I was able to get SSL/TLS set up, via these instructions . I did face some error about "Missing certificate key", but I was able to fix that via re-creating the CSR file, fixing the common name to : *.opensourceroads.com.

I requested, and installed, Comodo wildcard certificate.

Everything work on development subdomain.

Now, for the production server....

First, I copied the private keys and certificate files to home directory, and set the permissions of those HOME versions to 755. This allowed me to download them from the development server and upload them to the production server, which I did.

By the way, the production server host content for www.opensourceroads.com

After doing so, I installed mod_ssl per the instructions, moved the private and certs files down to the right place, and changed their permissions and ownership back, per the tutorial.

when I execute this command to generate kubernetes certificate:

I am starting kubernetes api server(v1.15.3) using this command:

kube-apiserver.service is running with --authorization-mode=Node,RBAC

I am programming certificate generation, but I am experiancing something like assembly namespace conflict between BouncyCastle and ITextSharp-LGPL-4.1.6.

So I tried to add an alias to the BouncyCastle library that I am using, and tried explicit conversion, but nothing worked.

I'm trying to enable client authentication by following the play-tls-example. Since this is just an experiment, I'm generating self-signed certs.

I have the following SSL engine provider:

I have a shell script which works fine when run from the command line, but not if called from within a PHP script (accessed via web).

In both cases, the calling user is www-data.

The line failing is this:

Before I go to the main question, I do want to state my understanding on Keystore and TrustStores:

1) Keystore - Details of key (private key) using which I would do my authentication as a server

2) Truststore - The list of root/interm CAs and other signed Certificates from different domains which I trust.

I am trying to establish an inter-server authentication and data exchange mechanism. All my servers has FQDN format as myserverX.mydomain.net where X is the index e.g. myserver1.mydomain.net. If my understanding on keystore and truststore is correct, when myserver1 is requesting data from myserver2, it's myserver1 who is client and myserver2 is server.

In this way:

1) myserver1 needs to trust myserver2 so myserver2 public key certificate should be imported into the truststore in `myserver1'.

2) The above will also be true when 'myserver1' is server and myserver2 is client - except now myserver1 public key certificate should be imported into myserver2 truststore.

Am I actually getting things right here? Or is there any fundamental mistake I am making? My intention was to try it out with self-signed certificate, and then, get a proper root CA signed certificate for my servers. But I would be grateful if someone can explain if I am making any wrong assumptions here.

Note - I am going to use Java keytool and JKS-type keystore (with default symmetric key algo and size) and I will use either -certreq and -gencert or -selfcert to generate a self signed certificate for my test.

As part of a setup, I create TLS certs and store them in S3. Creating the certs is done via external data source that runs the command to generate the certs. I then use those outputs to create S3 bucket object resources.

This works very well the first time I run terraform apply. However, if I change any other (non-cert) variable, resource, etc. and rerun, it reruns the external command, which generates a new key/cert pair, uploads them to S3, and breaks everything that already works.

Is there any way to create the resource conditionally? What pattern could I use to make the certs created only if they don't exist?

I did look at storing the generated keys/certs locally, but this is sensitive key material; I do not want it stored in local disk (and there are keys per environment).

Key/cert generation and storage: