I have created a certificate using ACM. Now, I want to create a TLS secret using Kubernetes, so that I can use the secret to configure an Ingress resource.
I am trying to create a TLS secret using:
kubectl create secret tls fsi-secret --cert=fsi.chain.pem --key=fsi.key.pem
However, it returns an error saying error: failed to load key pair tls: failed to parse private key
The private key was created using a password, so after reading through a bit, I decided to use the unencrypted private key, so I did the following:
openssl rsa -in fsi.key.pem -out fsi.key.decrypted.pem -passin pass:abcdefgxxxx
The above step generated an unencrypted version of the original private key.
Next I tried the create secret command above, just changing the --key to use the unencrypted key:
kubectl create secret tls fsi-secret --cert=fsi.chain.pem --key=fsi.key.decrypted.pem
However, this resulted in error: failed to load key pair tls: private key does not match public key.
I am creating this tls secret in order to use it in the ingress resource definition.
Any help would be appreciated.
The one thing you should check is the chain order of your certificate as the first certificate will be checked against the private key. So, having your cert like this:
will make sure the order is right.
You can find more in-depth sources regarding that topic below:
Write an example using intermediate certs and Ingress
Get your certificate chain right
If that's still not the case, please let us know and update your question.
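The check described in the answer above can be run locally before calling kubectl. This is an added example, not part of the original answer: it builds a constructed test CA and leaf certificate (the subjects, file names and helper function names are assumptions) and compares the public key of the first certificate in each chain file with the private key.

```shell
#!/bin/sh
# Added example: every name, subject and file below is constructed for the demo.

# Succeeds only if the FIRST certificate in the chain file ($1) carries the
# public key that belongs to the private key ($2). "openssl x509" reads just
# the first PEM certificate in a file, the one the key is checked against.
first_cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # -passin pass: makes a password-protected key fail instead of prompting
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Prints "match" or "MISMATCH" for one chain/key pair.
report() {
    if first_cert_matches_key "$1" "$2"; then echo match; else echo MISMATCH; fi
}

# Builds a throwaway CA and leaf in directory $1, then writes the same two
# certificates in both orders: leaf first (correct) and CA first (wrong).
make_demo_chains() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=fsi.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.crt" 2>/dev/null &&
    cat "$1/leaf.crt" "$1/ca.crt" > "$1/good.chain.pem" &&
    cat "$1/ca.crt" "$1/leaf.crt" > "$1/bad.chain.pem"
}

demo_dir=$(mktemp -d) && make_demo_chains "$demo_dir" && {
    echo "leaf first: $(report "$demo_dir/good.chain.pem" "$demo_dir/leaf.key")"
    echo "CA first:   $(report "$demo_dir/bad.chain.pem" "$demo_dir/leaf.key")"
}
rm -rf "$demo_dir"
```

Running `report fsi.chain.pem fsi.key.decrypted.pem` on the files from the question shows whether the first certificate in the chain is the one issued for that key.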