做国学类网站合法吗,html5教程pdf下载,网络推广代理怎么做,珠海建设网站官网安装cfssl工具配置CA证书请求文件创建CA证书创建CA证书策略配置etcd证书请求文件生成etcd证书 继续上一篇文章《负载均衡器高可用部署》下面介绍一下etcd证书生成配置。其中涉及到的ip地址和证书基本信息请替换成你自己的信息。
安装cfssl工具 下载cfssl安装包 https://github… 安装cfssl工具配置CA证书请求文件创建CA证书创建CA证书策略配置etcd证书请求文件生成etcd证书 继续上一篇文章《负载均衡器高可用部署》下面介绍一下etcd证书生成配置。其中涉及到的ip地址和证书基本信息请替换成你自己的信息。
安装cfssl工具 下载cfssl安装包 https://github.com/cloudflare/cfssl/releases/download/v1.6.4/cfssl_1.6.4_linux_amd64chmod x cfssl_1.6.4_linux_amd64
mv cfssl_1.6.4_linux_amd64 /usr/local/bin/cfssl下载cfssljson安装包 https://github.com/cloudflare/cfssl/releases/download/v1.6.4/cfssljson_1.6.4_linux_amd64chmod x cfssljson_1.6.4_linux_amd64
mv cfssljson_1.6.4_linux_amd64 /usr/local/bin/cfssljson下载cfssl-certinfo安装包 https://github.com/cloudflare/cfssl/releases/download/v1.6.4/cfssl-certinfo_1.6.4_linux_amd64chmod x cfssl-certinfo_1.6.4_linux_amd64
mv cfssl-certinfo_1.6.4_linux_amd64 /usr/local/bin/cfssl-certinfo验证cfssl是否安装 cfssl version配置CA证书请求文件
cat ca-csr.json EOF
{CN:kubernetes,key:{algo:rsa,size:2048},names:[{C:CN,ST:zhejiang,L:hangzhou,O:eyinfo,OU:CN}],ca:{expiry:876000h}
}
EOF创建CA证书
cfssl gencert -initca ca-csr.json | cfssljson -bare ca#输出内容
2024/07/17 14:05:27 [INFO] generating a new CA key and certificate from CSR
2024/07/17 14:05:27 [INFO] generate received request
2024/07/17 14:05:27 [INFO] received CSR
2024/07/17 14:05:27 [INFO] generating key: rsa-2048
2024/07/17 14:05:28 [INFO] encoded CSR
2024/07/17 14:05:28 [INFO] signed certificate with serial number 204637901880970253758340254603897378959705254552创建CA证书策略 server auth 表示client可以对使用该ca由server提供的证书进行验证 client auth 表示server可以使用该ca由client提供的证书进行验证 cat ca-config.json EOF
{signing: {default: {expiry:876000h},profiles: {kubernetes: {usages: [signing,key encipherment,server auth,client auth],expiry: 876000h}}}
}
EOF配置etcd证书请求文件
cat etcd-csr.json EOF
{CN: etcd,hosts: [127.0.0.1,192.168.3.41,192.168.3.42,192.168.3.43],key: {algo: rsa,size: 2048},names: [{C:CN,ST:zhejiang,L:hangzhou,O:eyinfo,OU:CN}]
}
EOF生成etcd证书
cfssl gencert -caca.pem -ca-keyca-key.pem -configca-config.json -profilekubernetes etcd-csr.json | cfssljson -bare etcd#输出结果
2024/07/17 14:54:50 [INFO] generate received request
2024/07/17 14:54:50 [INFO] received CSR
2024/07/17 14:54:50 [INFO] generating key: rsa-2048
2024/07/17 14:54:50 [INFO] encoded CSR
2024/07/17 14:54:50 [INFO] signed certificate with serial number 190216768305198849016248800228208888865087276362
