【备忘录】openssl记录

openssl genrsa -out ca.key 2048

openssl req -x509 -new -nodes -key ca.key -days 10000 -out ca.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=kubernetes/OU=Kubernetes-manual/CN=kubernetes-ca"

openssl genrsa -out etcd-ca.key 2048

openssl req -x509 -new -nodes -key etcd-ca.key -days 10000 -out etcd-ca.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=kubernetes/OU=Kubernetes-manual/CN=etcd-ca"

openssl genrsa -out front-proxy-ca.key 2048

openssl req -x509 -new -nodes -key front-proxy-ca.key -days 10000 -out front-proxy-ca.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=kubernetes/OU=Kubernetes-manual/CN=kubernetes-front-proxy-ca"

openssl genrsa -out kube-etcd.key 2048

openssl req -new -key kube-etcd.key -out kube-etcd.csr -subj "/CN=kube-etcd"

openssl x509 -req -in kube-etcd.csr -CA etcd-ca.crt -CAkey etcd-ca.key -CAcreateserial -out kube-etcd.crt -days 10000 -extensions v3_ext -extfile etcdssl.cnf -sha256

openssl genrsa -out kube-etcd-peer.key 2048

openssl req -new -key kube-etcd-peer.key -out kube-etcd-peer.csr -subj "/CN=kube-etcd-peer"

openssl x509 -req -in kube-etcd-peer.csr -CA etcd-ca.crt -CAkey etcd-ca.key -CAcreateserial -out kube-etcd-peer.crt -days 10000 -extensions v3_ext -extfile etcdssl.cnf -sha256

openssl genrsa -out apiserver-etcd-client.key 2048

openssl req -new -key apiserver-etcd-client.key -out apiserver-etcd-client.csr -subj "/CN=kube-apiserver-etcd-client/O=system:masters"

openssl x509 -req -in apiserver-etcd-client.csr -CA etcd-ca.crt -CAkey etcd-ca.key -CAcreateserial -out apiserver-etcd-client.crt -days 3650

openssl genrsa -out kube-etcd-healthcheck-client.key 2048

openssl req -new -key kube-etcd-healthcheck-client.key -out kube-etcd-healthcheck-client.csr -subj "/CN=kube-etcd-healthcheck-client"

openssl x509 -req -in kube-etcd-healthcheck-client.csr -CA etcd-ca.crt -CAkey etcd-ca.key -CAcreateserial -out kube-etcd-healthcheck-client.crt -days 3650

openssl genrsa -out apiserver.key 2048

openssl req -new -key apiserver.key -out apiserver.csr -subj "/CN=kube-apiserver"

openssl x509 -req -in apiserver.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out apiserver.crt -days 10000 -extensions v3_ext -extfile openssl.cnf -sha256

openssl genrsa -out apiserver-kubelet-client.key 2048

openssl req -new -key apiserver-kubelet-client.key -out apiserver-kubelet-client.csr -subj "/CN=kube-apiserver-kubelet-client/O=system:masters"

openssl x509 -req -in apiserver-kubelet-client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out apiserver-kubelet-client.crt -days 3650

openssl genrsa -out front-proxy-client.key 2048

openssl req -new -key front-proxy-client.key -out front-proxy-client.csr -subj "/CN=front-proxy-client"

openssl x509 -req -in front-proxy-client.csr -CA front-proxy-ca.crt -CAkey front-proxy-ca.key -CAcreateserial -out front-proxy-client.crt -days 3650

openssl genrsa -out admin.key 2048

openssl req -new -key admin.key -out admin.csr -subj "/CN=kubernetes-admin/O=system:masters/OU=System"

openssl x509 -req -in admin.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out admin.crt -days 3650

openssl genrsa -out kube-proxy.key 2048

openssl req -new -key kube-proxy.key -out kube-proxy.csr -subj "/CN=system:kube-proxy/O=system:kube-proxy/OU=System"

openssl x509 -req -in kube-proxy.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out kube-proxy.crt -days 3650

openssl genrsa -out kube-controller-manager.key 2048

openssl req -new -key kube-controller-manager.key -out kube-controller-manager.csr -subj "/CN=system:kube-controller-manager"

openssl x509 -req -in kube-controller-manager.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out kube-controller-manager.crt -days 3650

openssl genrsa -out kube-scheduler.key 2048

openssl req -new -key kube-scheduler.key -out kube-scheduler.csr -subj "/CN=system:kube-scheduler"

openssl x509 -req -in kube-scheduler.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out kube-scheduler.crt -days 3650

openssl genrsa -out sa.key 2048

openssl rsa -in sa.key -pubout -out sa.pub

相关推荐
小牛马爱写博客5 天前
Shell 脚本编程全解析:从入门到企业级实战
编程·shell·脚本
coder4_6 天前
OpenSSL 加密算法与证书管理全解析:从基础到私有 CA 实战
https·openssl·ssl/tls·加密算法·ca证书
王小义笔记13 天前
windows电脑如何执行openssl rand命令
windows·openssl
Humbunklung16 天前
VC++ 使用OpenSSL创建RSA密钥PEM文件
开发语言·c++·openssl
小七mod17 天前
【BTC】比特币脚本
web3·区块链·脚本·比特币·btc
虚伪的空想家21 天前
生产环境K8S的etcd备份脚本
运维·容器·kubernetes·脚本·备份·etcd
神秘人X7071 个月前
正则表达式笔记
正则表达式·shell·脚本
深耕AI1 个月前
Win64OpenSSL-3_5_2.exe【安装步骤】
openssl
看那山瞧那水1 个月前
DELPHI 利用OpenSSL实现加解密,证书(X.509)等功能
delphi·openssl
闲人编程2 个月前
PyQt6 进阶篇:构建现代化、功能强大的桌面应用
数据库·python·oracle·gui·脚本·pyqt6·软件