2

I have created a certificate using ACM. Now, I want to create a TLS secret using Kubernetes, so that I can use the secret to configure an Ingress resource.

I am trying to create a TLS secret using:

kubectl create secret tls fsi-secret --cert=fsi.chain.pem --key=fsi.key.pem

However, it returns an error saying:

error: failed to load key pair tls: failed to parse private key

The private key was created using a password, so after reading through a bit, I decided to use the unencrypted private key, so I did the following:

openssl rsa -in fsi.key.pem -out fsi.key.decrypted.pem -passin pass:abcdefgxxxx

The above step generated an unencrypted version of the original private key. Next I tried the create secret command above just changing the --key to use the unencrypted key:

kubectl create secret tls fsi-secret --cert=fsi.chain.pem --key=fsi.key.decrypted.pem

However, this resulted in the error: failed to load key pair tls: private key does not match public key.

I am creating this tls secret in order to use it in the ingress resource definition.

Any help would be appreciated.

mc0e
Cricket

1 Answer

0

The one thing you should check is the chain order of your certificate as the first certificate will be checked against the private key. So, having your cert like this:

-----BEGIN MY CERTIFICATE-----
-----END MY CERTIFICATE-----
-----BEGIN INTERMEDIATE CERTIFICATE-----
-----END INTERMEDIATE CERTIFICATE-----
-----BEGIN INTERMEDIATE CERTIFICATE-----
-----END INTERMEDIATE CERTIFICATE-----
-----BEGIN ROOT CERTIFICATE-----
-----END ROOT CERTIFICATE-----

will make sure the order is right.

You can find more in-depth sources regarding that topic below:

If that's still not the case, please let us know and update your question.

  • Hello @Cricket and welcome to StackOverflow! Please remember to [react to answers for your questions](https://stackoverflow.com/help/someone-answers). That way we know if the answers were helpful and other community members could also benefit from them. Try to [accept answer](https://stackoverflow.com/help/accepted-answer) that is the final solution for your issue, upvote answers that are helpful and comment on those which could be improved or require additional attention. Enjoy your stay! – Wytrzymały Wiktor May 13 '21 at 07:47
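
A check for the chain-order issue described in the answer above, added here as an example (it is not code from the original posts): it reports which certificate in the chain file carries the public key of the given private key, since the first certificate is the one the key is checked against. The function name `leaf_position` is made up for this example, the key is assumed to be unencrypted, and the real PEM label `-----BEGIN CERTIFICATE-----` is assumed rather than the schematic labels in the answer.

```shell
#!/bin/sh
# Added example: find out why "private key does not match public key" is
# reported before running `kubectl create secret tls`.
# usage: sh check-chain.sh fsi.chain.pem fsi.key.decrypted.pem

# Print the 1-based position of the certificate in CHAIN whose public key
# matches KEY, or 0 if none matches. Position 1 is the only acceptable result.
leaf_position() {
  chain=$1 key=$2
  # Public key derived from the private key. "-passin pass:" makes an
  # encrypted key fail instead of prompting for a passphrase.
  want=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || {
    echo "cannot parse private key (still encrypted?): $key" >&2
    echo 0
    return 2
  }
  # Split the bundle into one file per certificate: 1.pem, 2.pem, ...
  tmp=$(mktemp -d)
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/{n++} n{print > (d "/" n ".pem")}' "$chain"
  pos=0 i=1
  while [ -f "$tmp/$i.pem" ]; do
    # Public key embedded in the i-th certificate (empty if unparsable).
    have=$(openssl x509 -in "$tmp/$i.pem" -noout -pubkey 2>/dev/null) || have=""
    if [ "$have" = "$want" ]; then pos=$i; break; fi
    i=$((i + 1))
  done
  rm -rf "$tmp"
  echo "$pos"
}

# Run as a script with two arguments: CHAIN KEY
if [ "$#" -eq 2 ]; then
  pos=$(leaf_position "$1" "$2")
  case $pos in
    1) echo "OK: first certificate in $1 matches $2" ;;
    0) echo "No certificate in $1 matches $2 (wrong key or wrong certificate)" ;;
    *) echo "Key matches certificate #$pos; move that certificate to the top of $1" ;;
  esac
fi
```

A result of 0 means reordering will not help: the key belongs to a different certificate than any in the bundle.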