openss CA签署带扩展字段的证书
生成签署请求openssl req -new -key ../ca.key -out metrics-server.csr -reqexts SAN -extensions SAN -subj "/C=CN/ST=Guang'dong/L=Sheng'zhen/O=Kubernetes/OU=dev/CN=metrics-server.k8s.com" -con
·
生成签署请求
openssl req -new -key ../ca.key -out metrics-server.csr -subj "/C=CN/ST=Guang'dong/L=Sheng'zhen/O=Kubernetes/OU=dev/CN=metrics-server.k8s.com"
CA 签署证书
openssl x509 -req -sha256 -days 36500 -CA ../ca.crt -CAkey ../ca.key -CAcreateserial -in metrics-server.csr -out metrics-server.crt -extensions SAN -extfile <(cat /etc/pki/tls/openssl.cnf; printf "[SAN]\nsubjectAltName=DNS:metrics-server.k8s.com,IP:172.13.0.60")
验证证书
openssl x509 -noout -text -in metrics-server.crt
更多推荐
已为社区贡献2条内容
所有评论(0)