【备忘录】openssl记录

openssl genrsa -out ca.key 2048

openssl req -x509 -new -nodes -key ca.key -days 10000 -out ca.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=kubernetes/OU=Kubernetes-manual/CN=kubernetes-ca"

openssl genrsa -out etcd-ca.key 2048

openssl req -x509 -new -nodes -key etcd-ca.key -days 10000 -out etcd-ca.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=kubernetes/OU=Kubernetes-manual/CN=etcd-ca"

openssl genrsa -out front-proxy-ca.key 2048

openssl req -x509 -new -nodes -key front-proxy-ca.key -days 10000 -out front-proxy-ca.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=kubernetes/OU=Kubernetes-manual/CN=kubernetes-front-proxy-ca"

openssl genrsa -out kube-etcd.key 2048

openssl req -new -key kube-etcd.key -out kube-etcd.csr -subj "/CN=kube-etcd"

openssl x509 -req -in kube-etcd.csr -CA etcd-ca.crt -CAkey etcd-ca.key -CAcreateserial -out kube-etcd.crt -days 10000 -extensions v3_ext -extfile etcdssl.cnf -sha256

openssl genrsa -out kube-etcd-peer.key 2048

openssl req -new -key kube-etcd-peer.key -out kube-etcd-peer.csr -subj "/CN=kube-etcd-peer"

openssl x509 -req -in kube-etcd-peer.csr -CA etcd-ca.crt -CAkey etcd-ca.key -CAcreateserial -out kube-etcd-peer.crt -days 10000 -extensions v3_ext -extfile etcdssl.cnf -sha256

openssl genrsa -out apiserver-etcd-client.key 2048

openssl req -new -key apiserver-etcd-client.key -out apiserver-etcd-client.csr -subj "/CN=kube-apiserver-etcd-client/O=system:masters"

openssl x509 -req -in apiserver-etcd-client.csr -CA etcd-ca.crt -CAkey etcd-ca.key -CAcreateserial -out apiserver-etcd-client.crt -days 3650

openssl genrsa -out kube-etcd-healthcheck-client.key 2048

openssl req -new -key kube-etcd-healthcheck-client.key -out kube-etcd-healthcheck-client.csr -subj "/CN=kube-etcd-healthcheck-client"

openssl x509 -req -in kube-etcd-healthcheck-client.csr -CA etcd-ca.crt -CAkey etcd-ca.key -CAcreateserial -out kube-etcd-healthcheck-client.crt -days 3650

openssl genrsa -out apiserver.key 2048

openssl req -new -key apiserver.key -out apiserver.csr -subj "/CN=kube-apiserver"

openssl x509 -req -in apiserver.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out apiserver.crt -days 10000 -extensions v3_ext -extfile openssl.cnf -sha256

openssl genrsa -out apiserver-kubelet-client.key 2048

openssl req -new -key apiserver-kubelet-client.key -out apiserver-kubelet-client.csr -subj "/CN=kube-apiserver-kubelet-client/O=system:masters"

openssl x509 -req -in apiserver-kubelet-client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out apiserver-kubelet-client.crt -days 3650

openssl genrsa -out front-proxy-client.key 2048

openssl req -new -key front-proxy-client.key -out front-proxy-client.csr -subj "/CN=front-proxy-client"

openssl x509 -req -in front-proxy-client.csr -CA front-proxy-ca.crt -CAkey front-proxy-ca.key -CAcreateserial -out front-proxy-client.crt -days 3650

openssl genrsa -out admin.key 2048

openssl req -new -key admin.key -out admin.csr -subj "/CN=kubernetes-admin/O=system:masters/OU=System"

openssl x509 -req -in admin.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out admin.crt -days 3650

openssl genrsa -out kube-proxy.key 2048

openssl req -new -key kube-proxy.key -out kube-proxy.csr -subj "/CN=system:kube-proxy/O=system:kube-proxy/OU=System"

openssl x509 -req -in kube-proxy.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out kube-proxy.crt -days 3650

openssl genrsa -out kube-controller-manager.key 2048

openssl req -new -key kube-controller-manager.key -out kube-controller-manager.csr -subj "/CN=system:kube-controller-manager"

openssl x509 -req -in kube-controller-manager.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out kube-controller-manager.crt -days 3650

openssl genrsa -out kube-scheduler.key 2048

openssl req -new -key kube-scheduler.key -out kube-scheduler.csr -subj "/CN=system:kube-scheduler"

openssl x509 -req -in kube-scheduler.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out kube-scheduler.crt -days 3650

openssl genrsa -out sa.key 2048

openssl rsa -in sa.key -pubout -out sa.pub

相关推荐
fangeqin10 小时前
ubuntu源码安装python3.13遇到Could not build the ssl module!解决方法
linux·python·ubuntu·openssl
API开发11 天前
苹果芯片macOS安装版Homebrew(亲测) ,一键安装node、python、vscode等,比绿色软件还干净、无污染
vscode·python·docker·nodejs·openssl·brew·homebrew
码农不惑15 天前
Rust使用tokio(二)HTTPS相关
https·rust·web·openssl
水哥ansys18 天前
ANSYS ACT 格式及文件组成如何?
二次开发·脚本·ansys·workbench·水哥ansys·act
liulilittle20 天前
通过高级处理器硬件指令集AES-NI实现AES-256-CFB算法并通过OPENSSL加密验证算法正确性。
linux·服务器·c++·算法·安全·加密·openssl
liulilittle22 天前
OpenSSL 的 AES-NI 支持机制
linux·运维·服务器·算法·加密·openssl·解密
liulilittle23 天前
通过高级处理器硬件指令集AES-NI实现AES-256-CFB算法。
linux·服务器·c++·算法·安全·加密·openssl
花花少年24 天前
Ubuntu系统下交叉编译openssl
openssl·交叉编译
ZZZKKKRTSAE1 个月前
快速上手SHELL脚本基础及变量与运算
linux·运维·服务器·脚本
百锦再1 个月前
安卓无障碍脚本开发全教程
android·手机·脚本·开发·mobile·phone·无障碍