K8S证书了解
2020-09-27 本文已影响0人
草莓_Ops
[root@k8s7-200.host.com /opt/certs]# cfssl-certinfo -cert apiserver.pem
{
"subject": {
"common_name": "k8s-apiserver",
"country": "CN",
"organization": "od",
"organizational_unit": "ops", #部门
"locality": "shanghai",
"province": "shanghai",
"names": [
"CN",
"shanghai",
"shanghai",
"od",
"ops",
"k8s-apiserver"
]
},
"issuer": { #CA证书,权威证书
"common_name": "Datacloak",
"country": "CN",
"organization": "od",
"organizational_unit": "ops",
"locality": "shanghai",
"province": "shanghai",
"names": [
"CN",
"shanghai",
"shanghai",
"od",
"ops",
"Datacloak"
]
},
"serial_number": "554194374716607347917260436523298081750708489346",
"sans": [
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster",
"kubernetes.default.svc.cluster.local",
"127.0.0.1",
"192.168.0.1",
"10.4.7.10",
"10.4.7.21",
"10.4.7.22",
"10.4.7.23"
],
"not_before": "2020-09-26T08:39:00Z",
"not_after": "2040-09-21T08:39:00Z",
"sigalg": "SHA256WithRSA",
"authority_key_id": "50:2D:AB:2B:AF:9D:96:CC:41:42:31:DE:39:AF:58:C0:6B:9B:4:97",
"subject_key_id": "99:68:D4:20:68:74:2A:98:DF:2F:95:6D:29:5:33:90:9:D:77:61",
"pem": "-----BEGIN CERTIFICATE-----\nMIIEczCCA1ugAwIBAgIUYRLva9eXdCUBO/qw2idSSU7NjIIwDQYJKoZIhvcNAQEL\nBQAwYjELMAkGA1UEBhMCQ04xETAPBgNVBAgTCHNoYW5naGFpMREwDwYDVQQHEwhz\naGFuZ2hhaTELMAkGA1UEChMCb2QxDDAKBgNVBAsTA29wczESMBAGA1UEAxMJRGF0\nYWNsb2FrMB4XDTIwMDkyNjA4MzkwMFoXDTQwMDkyMTA4MzkwMFowZjELMAkGA1UE\nBhMCQ04xETAPBgNVBAgTCHNoYW5naGFpMREwDwYDVQQHEwhzaGFuZ2hhaTELMAkG\nA1UEChMCb2QxDDAKBgNVBAsTA29wczEWMBQGA1UEAxMNazhzLWFwaXNlcnZlcjCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALntyYGDE/58cZjLf/d3qVYU\n/eBbOjbsmnWp5EPViTYdVFqJe5qarTZMo3pi2GUB47dSquszcokqcjNKgjai9Sax\nos3xsoNgFmvWGiQr8y6gZoQrx9Emk2sS9ehh/88btjUK60amOmdxYzbFFY9FtsN7\nkCSnNLoPYdimsbz7V4JsmQVaRXXCe8DhOV7bD1qy5b9p2nc0z88K1Yqau7p50Ood\newchVidhLRkf4aU6TCXNo7CXHxu6po4VGrTvUT0YkaiF2mY54lDmubdYahcvDJXE\nS3MkHCCwnKdplykwN+IdA8xzHZIqenHvbpPT8gRGEMPlco8p3SwHHMB9uNdV4kUC\nAwEAAaOCARswggEXMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD\nATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSZaNQgaHQqmN8vlW0pBTOQCQ13YTAf\nBgNVHSMEGDAWgBRQLasrr52WzEFCMd45r1jAa5sElzCBoQYDVR0RBIGZMIGWghJr\ndWJlcm5ldGVzLmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVy\nbmV0ZXMuZGVmYXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2\nYy5jbHVzdGVyLmxvY2FshwR/AAABhwTAqAABhwQKBAcKhwQKBAcVhwQKBAcWhwQK\nBAcXMA0GCSqGSIb3DQEBCwUAA4IBAQCnTXo3C2qbcYK8wnULwicIBoLqMcX1tzK2\ng8/ctiuoX4jh1Zzwvd9mTkFI6ekq2VtMi+7IblHkX7NJ7XZB3H8E3mxHzkm6ju30\nwSi4dHnLU15WqDJ1LpImQZnHku8qr8pR8xQlmNcjQJmfN4pyGcXSJnPJkWDby1H9\nJv2fM9uGcE6tiQWgHuPLESZQyNc61Z2rXroK0dMf/a1xr5g24MamdySjMvJV+CWV\nMh3WrCk5F2gz1jJ290Gi8DSmkxGH6uR7nN9kJBqGwnemzOSruYxg4ukygm2176Gb\nP+y6cymOmpQsuurwrseIKF1ERqLMNHzEWlCaQso/11xBUKjA462K\n-----END CERTIFICATE-----\n"
}
[root@k8s7-200.host.com /opt/certs]# cfssl-certinfo -domain www.baidu.com
{
"subject": {
"common_name": "baidu.com",
"country": "CN",
"organization": "Beijing Baidu Netcom Science Technology Co., Ltd",
"organizational_unit": "service operation department",
"locality": "beijing",
"province": "beijing",
"names": [
"CN",
"beijing",
"beijing",
"service operation department",
"Beijing Baidu Netcom Science Technology Co., Ltd",
"baidu.com"
]
},
"issuer": {
"common_name": "GlobalSign Organization Validation CA - SHA256 - G2",
"country": "BE",
"organization": "GlobalSign nv-sa",
"names": [
"BE",
"GlobalSign nv-sa",
"GlobalSign Organization Validation CA - SHA256 - G2"
]
},
"serial_number": "35388244279832734960132917320",
"sans": [
"baidu.com",
cat kubelet.config
复制client-certificat-data:数据
echo '......' |base64 -d
echo '......' |base64 -d >123.pem
证书反解:
[root@k8s7-200.host.com ~]# cfssl-certinfo -cert 123.pem
image.png
