7. Convert the node's keystore to PKCS#12 temporarily so that we can export the private key ( as keytool doesn't allow this)
   `keytool -importkeystore -srckeystore test-node.jks -srcstorepass keypass -destkeystore test-node.p12 -deststoretype PKCS12 -deststorepass keypass`
8. Export the node's private key

    // May fail with ProviderException with root cause like
    // sun.security.pkcs11.wrapper.PKCS11Exception: CKR_SLOT_ID_INVALID
    val pkcs11 = Security.getProvider("SunPKCS11").configure(config)
    Security.addProvider(pkcs11)

    val callbackHandler = ConsoleCallbackHandler

    val builderList: List<KeyStore.Builder> =
      listOf(

    // Test setup fails on JDK9
    // java.security.KeyStoreException: Certificate chain is not valid
    // at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry
    // http://openjdk.java.net/jeps/229
    // http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/2c1c21d11e58/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java#l596
    val keystoreType = if (platform.isJdk9()) "JKS" else null

  /**
   * As described in <a href="https://www.rsa.com/rsalabs/node.asp?id=2138">PKCS #12: Personal
   * Information Exchange Syntax Standard</a>, PKCS #12 defines an archive file format for storing
   * many cryptography objects as a single file.
   *
   * @since 15.0
   */
  public static final MediaType KEY_ARCHIVE = createConstant(APPLICATION_TYPE, "pkcs12");

  /**

    }

  /**
   * Returns the RSA private key encoded in [PKCS #1][rfc_8017] [PEM format][rfc_7468].
   *
   * [rfc_8017]: https://tools.ietf.org/html/rfc8017
   * [rfc_7468]: https://tools.ietf.org/html/rfc7468
   */
  fun privateKeyPkcs1Pem(): String {
    check(keyPair.private is RSAPrivateKey) { "PKCS1 only supports RSA keys" }
    return buildString {

```sh
export MINIO_CERT_PASSWD=<PASSWORD>
```

The default OpenSSL format for private encrypted keys is PKCS-8, but MinIO only supports PKCS-1. An RSA key that has been formatted with PKCS-8 can be converted to PKCS-1 using the following command:

```sh
openssl rsa -in private-pkcs8-key.key -aes256 -passout pass:PASSWORD -out private.key
```

#### 3.2.3 Generate a self-signed certificate

## Version 4.2.0

_2019-09-10_

 *  New: API to decode a certificate and private key to create a `HeldCertificate`. This accepts a
    string containing both a certificate and PKCS #8-encoded private key.

    ```kotlin
    val heldCertificate = HeldCertificate.decode("""
        |-----BEGIN CERTIFICATE-----
        |MIIBYTCCAQegAwIBAgIBKjAKBggqhkjOPQQDAjApMRQwEgYDVQQLEwtlbmdpbmVl

------------------------------------------------

in `build.gradle`.

=== Limitations

The following should be taken into consideration when writing new tests or adjusting existing ones:

==== TLS

`JKS` and `PKCS#12` keystores cannot be used in FIPS mode. If the test depends on being able to use
a keystore, it can be muted when needed ( see `ESTestCase#inFipsJvm` ). Alternatively, one can use

- Pod Certificates (beta) now includes a PKCS#10 certificate signing request for wider compatibility with existing certificate authority software. ([#136729](https://github.com/kubernetes/kubernetes/pull/136729), [@ahmedtd](https://github.com/ahmedtd)) [SIG API Machinery, Auth, Node and Testing]...

source code is governed by a BSD-style // license that can be found in the LICENSE file. package rsa import ( "bytes" "crypto/sha1" "testing" ) func TestEMSAPSS(t *testing.T) { // Test vector in file pss-int.txt from: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip msg := []byte{ 0x85, 0x9e, 0xef, 0x2f, 0xd7, 0x8a, 0xca, 0x00, 0x30, 0x8b, 0xdc, 0x47, 0x11, 0x93, 0xbf, 0x55, 0xbf, 0x9d, 0x78, 0xdb, 0x8f, 0x8a, 0x67, 0x2b, 0x48, 0x46, 0x34, 0xf3, 0xc9, 0xc2, 0x6e, 0x64, 0x78, 0xae, 0x10, 0x26,...