k8s–Certificate Issuance


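1. Prepare the certificate-issuing environment

On the operations host hdss-1-200.host.com:

2. Install CFSSL

Certificate-issuing tool CFSSL, release R1.2

cfssl download URL: https://pkg.cfssl.org/R1.2/cfssl_linux-amd64

cfssl-json download URL: https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64

cfssl-certinfo download URL: https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64

3. Download to the target directory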

[root@hdss-1-200 ~]# wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -O /usr/bin/cfssl
[root@hdss-1-200 ~]# wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -O /usr/bin/cfssl-json
[root@hdss-1-200 ~]# wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -O /usr/bin/cfssl-certinfo

4. Check the files and make them executable

[root@hdss-1-200 bin]# ls -lrt cf*
-rw-r--r-- 1 root root  2277873 Feb  8 12:01 cfssl-json
-rw-r--r-- 1 root root  6595195 Feb  8 12:01 cfssl-certinfo
-rw-r--r-- 1 root root 10376657 Feb  8 12:01 cfssl
[root@hdss-1-200 bin]# chmod +x /usr/bin/cfssl*
[root@hdss-1-200 bin]# ls -lrt cf*
-rwxr-xr-x 1 root root  2277873 Feb  8 12:01 cfssl-json
-rwxr-xr-x 1 root root  6595195 Feb  8 12:01 cfssl-certinfo
-rwxr-xr-x 1 root root 10376657 Feb  8 12:01 cfssl
[root@hdss-1-200 bin]# which cfssl-certinfo
/usr/bin/cfssl-certinfo
[root@hdss-1-200 bin]# which cfssl
/usr/bin/cfssl
[root@hdss-1-200 bin]# which cfssl-json
/usr/bin/cfssl-json

5. Create the directory used for issuing certificates

[root@hdss-1-200 opt]# mkdir certs
[root@hdss-1-200 opt]# cd certs/
[root@hdss-1-200 certs]# 

6. Create the JSON config file for the CA certificate signing request (CSR)

[root@hdss-1-200 certs]# vi /opt/certs/ca-csr.json
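{
    "CN": "OldboyEdu",
    "hosts": [
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "beijing",
            "L": "beijing",
            "O": "od",
            "OU": "ops"
        }
    ],
    "ca": {
        "expiry": "175200h"
    }
}

Field notes (explanatory only; the file itself contains just the JSON above):

  CN      name of the authority. Browsers use this field to verify whether a website is legitimate; it is usually set to a domain name. Very important.
  algo    algorithm
  size    key length
  C       country
  ST      state or province
  L       locality or city
  O       organization name, company name
  OU      organizational unit name, company department
  expiry  expiry time; every certificate has one. Here it is 20 years.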

7. Issue the certificate

[root@hdss-1-200 certs]# cfssl gencert -initca ca-csr.json 
2021/02/08 12:13:54 [INFO] generating a new CA key and certificate from CSR
2021/02/08 12:13:54 [INFO] generate received request
2021/02/08 12:13:54 [INFO] received CSR
2021/02/08 12:13:54 [INFO] generating key: rsa-2048
2021/02/08 12:13:54 [INFO] encoded CSR
2021/02/08 12:13:54 [INFO] signed certificate with serial number 240189431803521968703357144322271086616848173037

8. Write the output as bare certificate files

[root@hdss-1-200 certs]# ls
ca-csr.json
[root@hdss-1-200 certs]# cfssl gencert -initca ca-csr.json | cfssl-json -bare ca
2021/02/09 15:30:09 [INFO] generating a new CA key and certificate from CSR
2021/02/09 15:30:09 [INFO] generate received request
2021/02/09 15:30:09 [INFO] received CSR
2021/02/09 15:30:09 [INFO] generating key: rsa-2048
2021/02/09 15:30:10 [INFO] encoded CSR
2021/02/09 15:30:10 [INFO] signed certificate with serial number 80946315882407051316915181916096221469731026792
[root@hdss-1-200 certs]# ll
total 16
-rw-r--r-- 1 root root  993 Feb  9 15:30 ca.csr
-rw-r--r-- 1 root root  346 Feb  9 15:29 ca-csr.json
-rw------- 1 root root 1675 Feb  9 15:30 ca-key.pem
-rw-r--r-- 1 root root 1346 Feb  9 15:30 ca.pem
[root@hdss-1-200 certs]# 
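
The step 7 command prints the CA private key inside its JSON output on stdout, while step 8 leaves it only in ca-key.pem with mode 0600. The script below is an added example, not part of the original post: it audits a certificate directory for private-key material that group or others can read, such as a saved copy of the step 7 output. The function names and the KEY_HEADER pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a certificate directory
# such as /opt/certs for private-key material readable by group or others.

# PEM header of any private key (RSA, EC, or PKCS#8).
KEY_HEADER='-----BEGIN ([A-Z]+ )?PRIVATE KEY-----'

# List files under $1 that contain a private key and are group/other readable.
# This catches both a mis-chmodded ca-key.pem and saved copies of the raw
# `cfssl gencert -initca` JSON, which embeds the key in its "key" field.
find_exposed_keys() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) \
        -exec grep -qE -e "$KEY_HEADER" {} \; -print
}

# Report exposed key files on stderr; return 1 if any were found, else 0.
audit_cert_dir() {
    exposed=$(find_exposed_keys "$1")
    if [ -n "$exposed" ]; then
        printf 'private key readable by group/other:\n%s\n' "$exposed" >&2
        return 1
    fi
    return 0
}

# Restrict every exposed key file to owner read/write (0600), the mode
# ca-key.pem has in the step 8 listing.
lock_down_keys() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) \
        -exec grep -qE -e "$KEY_HEADER" {} \; -exec chmod 600 {} \;
}

# When run with a directory argument, audit it (exit status 1 on findings).
if [ "$#" -gt 0 ]; then
    audit_cert_dir "$1"
fi
```

Run it as `sh audit.sh /opt/certs` (the script name is a placeholder); a non-zero exit status means at least one key-bearing file needs its mode tightened or should be deleted.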

9. View the generated certificate request

[root@hdss-1-200 certs]# cat ca.csr 
-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----
[root@hdss-1-200 certs]# 

 


Published by: 全栈程序员-用户IM. When reposting, please credit the source: https://javaforall.cn/141878.html Original link: https://javaforall.cn
