【备忘录】openssl记录

轻云UC2024-04-21 9:13

openssl genrsa -out ca.key 2048

openssl req -x509 -new -nodes -key ca.key -days 10000 -out ca.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=kubernetes/OU=Kubernetes-manual/CN=kubernetes-ca"

openssl genrsa -out etcd-ca.key 2048

openssl req -x509 -new -nodes -key etcd-ca.key -days 10000 -out etcd-ca.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=kubernetes/OU=Kubernetes-manual/CN=etcd-ca"

openssl genrsa -out front-proxy-ca.key 2048

openssl req -x509 -new -nodes -key front-proxy-ca.key -days 10000 -out front-proxy-ca.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=kubernetes/OU=Kubernetes-manual/CN=kubernetes-front-proxy-ca"

openssl genrsa -out kube-etcd.key 2048

openssl req -new -key kube-etcd.key -out kube-etcd.csr -subj "/CN=kube-etcd"

openssl x509 -req -in kube-etcd.csr -CA etcd-ca.crt -CAkey etcd-ca.key -CAcreateserial -out kube-etcd.crt -days 10000 -extensions v3_ext -extfile etcdssl.cnf -sha256

openssl genrsa -out kube-etcd-peer.key 2048

openssl req -new -key kube-etcd-peer.key -out kube-etcd-peer.csr -subj "/CN=kube-etcd-peer"

openssl x509 -req -in kube-etcd-peer.csr -CA etcd-ca.crt -CAkey etcd-ca.key -CAcreateserial -out kube-etcd-peer.crt -days 10000 -extensions v3_ext -extfile etcdssl.cnf -sha256

openssl genrsa -out apiserver-etcd-client.key 2048

openssl req -new -key apiserver-etcd-client.key -out apiserver-etcd-client.csr -subj "/CN=kube-apiserver-etcd-client/O=system:masters"

openssl x509 -req -in apiserver-etcd-client.csr -CA etcd-ca.crt -CAkey etcd-ca.key -CAcreateserial -out apiserver-etcd-client.crt -days 3650

openssl genrsa -out kube-etcd-healthcheck-client.key 2048

openssl req -new -key kube-etcd-healthcheck-client.key -out kube-etcd-healthcheck-client.csr -subj "/CN=kube-etcd-healthcheck-client"

openssl x509 -req -in kube-etcd-healthcheck-client.csr -CA etcd-ca.crt -CAkey etcd-ca.key -CAcreateserial -out kube-etcd-healthcheck-client.crt -days 3650

openssl genrsa -out apiserver.key 2048

openssl req -new -key apiserver.key -out apiserver.csr -subj "/CN=kube-apiserver"

openssl x509 -req -in apiserver.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out apiserver.crt -days 10000 -extensions v3_ext -extfile openssl.cnf -sha256

openssl genrsa -out apiserver-kubelet-client.key 2048

openssl req -new -key apiserver-kubelet-client.key -out apiserver-kubelet-client.csr -subj "/CN=kube-apiserver-kubelet-client/O=system:masters"

openssl x509 -req -in apiserver-kubelet-client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out apiserver-kubelet-client.crt -days 3650

openssl genrsa -out front-proxy-client.key 2048

openssl req -new -key front-proxy-client.key -out front-proxy-client.csr -subj "/CN=front-proxy-client"

openssl x509 -req -in front-proxy-client.csr -CA front-proxy-ca.crt -CAkey front-proxy-ca.key -CAcreateserial -out front-proxy-client.crt -days 3650

openssl genrsa -out admin.key 2048

openssl req -new -key admin.key -out admin.csr -subj "/CN=kubernetes-admin/O=system:masters/OU=System"

openssl x509 -req -in admin.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out admin.crt -days 3650

openssl genrsa -out kube-proxy.key 2048

openssl req -new -key kube-proxy.key -out kube-proxy.csr -subj "/CN=system:kube-proxy/O=system:kube-proxy/OU=System"

openssl x509 -req -in kube-proxy.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out kube-proxy.crt -days 3650

openssl genrsa -out kube-controller-manager.key 2048

openssl req -new -key kube-controller-manager.key -out kube-controller-manager.csr -subj "/CN=system:kube-controller-manager"

openssl x509 -req -in kube-controller-manager.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out kube-controller-manager.crt -days 3650

openssl genrsa -out kube-scheduler.key 2048

openssl req -new -key kube-scheduler.key -out kube-scheduler.csr -subj "/CN=system:kube-scheduler"

openssl x509 -req -in kube-scheduler.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out kube-scheduler.crt -days 3650

openssl genrsa -out sa.key 2048

openssl rsa -in sa.key -pubout -out sa.pub

相关推荐
EniacCheng3 天前
【OpenSSL】- Ubuntu22.04手动编译安装openssl
openssl
shandianchengzi6 天前
【开源工具】DeepSeek-Raw-Export|油猴脚本使用 DeepSeek 的复制按键直接导出
llm·脚本·工具·油猴·deepseek
REDcker6 天前
OpenSSL 完整文档
c++·安全·github·c·openssl·后端开发
猫头虎6 天前
macOS 双开/多开微信WeChat完整教程(支持 4.X 及以上版本)
java·vscode·macos·微信·编辑器·mac·脚本
亿牛云爬虫专家7 天前
采集架构的三次升级:脚本、Docker 与 Kubernetes
爬虫·docker·架构·kubernetes·脚本·代理ip·采集
gis分享者14 天前
Shell 脚本中如何使用 here document 实现多行文本输入? (中等)
shell·脚本·document·多行·文本输入·here
gis分享者20 天前
Shell 脚本中如何使用 trap 命令捕捉和处理信号(中等)
shell·脚本·信号·处理·trap·捕捉
課代表20 天前
bat 批处理中 FOR 命令的变量修饰符
脚本·bat·环境变量·批处理·路径·扩展名·短名称
課代表21 天前
PowerShell 目录树生成与递归算法陷阱:目录统计为何从0变多?
脚本·powershell·bat·目录·计数·文件夹·树状结构
特立独行的猫a22 天前
[鸿蒙PC命令行程序移植实战]:交叉编译移植最新openSSL 4.0.0到鸿蒙PC
华为·harmonyos·移植·openssl·交叉编译·鸿蒙pc
热门推荐
01GitHub 镜像站点02OpenCode 入门教程:介绍 · 安装 · 配置第三方 API (如 Claude)03Clawdbot 中文汉化版 接入微信、飞书04一种新的LCA算法05Claude Code Skills 实用使用手册06【网络安全测试】Burp Suite工具使用说明、配置及常见问题(有关必回)07在Trae中使用Pencil MCP08零门槛部署本地 AI 助手:Clawdbot/Meltbot 部署深度保姆级教程09UV安装并设置国内源10struts2 XML外部实体注入漏洞复现(CVE-2025-68493)