【备忘录】openssl记录

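# Generates the PKI material for a manually installed Kubernetes cluster:
# three self-signed CAs (cluster, etcd, front-proxy), the leaf certificates
# signed by them, and the service-account signing key pair.
#
# Run this as a script from an empty working directory. The two extension
# files referenced below (etcdssl.cnf, openssl.cnf) must already be there;
# they are not part of this memo and must define a [v3_ext] section
# (presumably holding the subjectAltName entries -- confirm).
#
# Changes compared with the flat command list:
#   * stop at the first failing command, so a later signing step never runs
#     against a missing key or CSR;
#   * private keys are created under umask 077 (some OpenSSL builds already
#     write key files owner-only; this removes the dependency on the build
#     and on the caller's umask);
#   * -sha256 is passed on every signing step, not only on three of them,
#     so the digest does not depend on the OpenSSL default.
set -euo pipefail

# Subject prefix shared by the three self-signed CAs.
CA_SUBJ_BASE="/C=CN/ST=Beijing/L=Beijing/O=kubernetes/OU=Kubernetes-manual"

#######################################
# Create a 2048-bit RSA private key readable by the owner only.
# Arguments: $1 - base name; writes $1.key
# Returns:   openssl's exit status
#######################################
new_key() {
  local name=$1
  # The subshell keeps the tightened umask from leaking into later commands,
  # so certificates keep the caller's default permissions.
  (umask 077 && openssl genrsa -out "${name}.key" 2048)
}

#######################################
# Create a self-signed CA certificate and its key.
# Globals:   CA_SUBJ_BASE (read)
# Arguments: $1 - base name; writes $1.key and $1.crt
#            $2 - common name of the CA
# NOTE: the CA key is stored unencrypted and the certificate is valid for
# 10000 days, so whoever can read $1.key can mint certificates for that
# whole period. Limit where the *-ca.key files are copied.
#######################################
new_ca() {
  local name=$1 cn=$2
  new_key "$name"
  openssl req -x509 -new -nodes -sha256 -key "${name}.key" -days 10000 \
    -out "${name}.crt" -subj "${CA_SUBJ_BASE}/CN=${cn}"
}

#######################################
# Create a key and a CSR, then sign the CSR with one of the CAs above.
# Arguments: $1 - base name of the signing CA (uses $1.crt and $1.key)
#            $2 - base name of the leaf; writes $2.key, $2.csr, $2.crt
#            $3 - subject string
#            $4 - validity in days
#            $5 - optional extension file; its [v3_ext] section is applied
# NOTE: without $5 the certificate carries no keyUsage/extendedKeyUsage
# restriction, so nothing in the certificate limits it to client use.
#######################################
issue_cert() {
  local ca=$1 name=$2 subj=$3 days=$4 extfile=${5:-}
  local -a sign_args=(
    -req -in "${name}.csr"
    -CA "${ca}.crt" -CAkey "${ca}.key" -CAcreateserial
    -out "${name}.crt" -days "$days" -sha256
  )
  if [[ -n "$extfile" ]]; then
    sign_args+=(-extensions v3_ext -extfile "$extfile")
  fi

  new_key "$name"
  openssl req -new -key "${name}.key" -out "${name}.csr" -subj "$subj"
  openssl x509 "${sign_args[@]}"
}

# --- Certificate authorities ------------------------------------------------
new_ca ca kubernetes-ca
new_ca etcd-ca etcd-ca
new_ca front-proxy-ca kubernetes-front-proxy-ca

# --- etcd: server, peer and client certificates (signed by etcd-ca) ---------
issue_cert etcd-ca kube-etcd "/CN=kube-etcd" 10000 etcdssl.cnf
issue_cert etcd-ca kube-etcd-peer "/CN=kube-etcd-peer" 10000 etcdssl.cnf
# NOTE(review): O=system:masters is a Kubernetes API group; on a certificate
# presented to etcd it presumably has no authorization meaning -- confirm
# before keeping it.
issue_cert etcd-ca apiserver-etcd-client \
  "/CN=kube-apiserver-etcd-client/O=system:masters" 3650
issue_cert etcd-ca kube-etcd-healthcheck-client \
  "/CN=kube-etcd-healthcheck-client" 3650

# --- kube-apiserver serving certificate (signed by ca) ----------------------
issue_cert ca apiserver "/CN=kube-apiserver" 10000 openssl.cnf

# --- Client certificates ----------------------------------------------------
# O=system:masters puts the holder in the group the API server authorizes
# for every request regardless of RBAC. Kubernetes does not check revocation
# of client certificates, so apiserver-kubelet-client.crt and admin.crt stay
# usable for the full 3650 days unless the CA itself is replaced. Treat
# their .key files like the CA key.
issue_cert ca apiserver-kubelet-client \
  "/CN=kube-apiserver-kubelet-client/O=system:masters" 3650
issue_cert front-proxy-ca front-proxy-client "/CN=front-proxy-client" 3650
issue_cert ca admin "/CN=kubernetes-admin/O=system:masters/OU=System" 3650
issue_cert ca kube-proxy \
  "/CN=system:kube-proxy/O=system:kube-proxy/OU=System" 3650
issue_cert ca kube-controller-manager "/CN=system:kube-controller-manager" 3650
issue_cert ca kube-scheduler "/CN=system:kube-scheduler" 3650

# --- Service-account token signing key pair ---------------------------------
# sa.key signs service-account tokens and sa.pub verifies them; only sa.pub
# is meant to be shared.
new_key sa
openssl rsa -in sa.key -pubout -out sa.pub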
