How to Generate a Client Secret
The EuroDaT Client uses a secret for authentication at EuroDaT's API that must be registered beforehand.
Create a keystore file
You may use the keystore files in the local-certs folder for testing purposes. For other cases,
either use provided keystores or create your own keystore using keytool
:
keytool -genkeypair -v -keystore keystore.jks -keyalg RSA -keysize 4096 -validity 365 -alias certificate
Please always specify the alias "certificate" during creation or configure the EuroDaT Client accordingly.
Warning
Use a strong password during keystore creation and keep it secret.
Create the matching PEM file
The EuroDaT Client expects a keystore (.jks
) and a PEM file. Generate the PEM file from the keystore keystore.jks
using
keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12
openssl pkcs12 -in keystore.p12 -clcerts -nokeys | openssl x509 -out tls.crt
rm keystore.p12
You should end up with two files keystore.jks
and tls.crt
.
Create the K8S secret
Base64-encode both files:
Use the results to create the k8s secret with the following template: