Generating a .jks file for the XKS Proxy

The .jks domain file is required for the Securosys XKS proxy to authenticate to your domain.

To correctly configure the Securosys XKS proxy, a path to the .jks file must be adapted in the application.yaml file. Check the parameter key-storessl: key-storekey-store in this section.

There are many ways to generate a .jks file. In this example, we are using openssl and keytool utilities. It is required to have these utilities preinstalled on the device where the .jks file will be created.

A prerequired step for this example is to generate a certificate for your domain. For the next steps you will require your \*.ca, \*.crt files and a private key.

To generate a .jks from these files, it is required to combine your \*.crt and \*.ca files. Manually copy all data from \*.ca into \*.crt, and then you can use the following command.

When prompted provide a password for the newly generated .p12 file, replace the file names exanple.crt and example.key with your own.

openssl pkcs12 -export -in example.crt -inkey example.key -out abc.p12

To generate the .jks file, execute the following command with the java keytool utility. When prompted provide the same password used with the openssl command. Replace the example file names with your own:

keytool -importkeystore -srckeystore example.p12 \
 srcstoretype PKCS12 \
 destkeystore example.jks \
 deststoretype JKS

Don't forget

to import your .jks file to the AWS EC2 instance where the Securosys XKS Proxy will be installed.

More Content

• Installing Docker on an EC2 instance
• Tutorial - How to encrypt/decrypt data in AWS KMS?
• Encrypting AWS S3 Bucket
• AWS Bring Your Own Key (BYOK)