1、cfssl 字签证书

查看证书

可以使用以下命令查询CFSSL证书是否过期:

复制代码
  cfssl certinfo -cert <certificate_file>

其中,<certificate_file>为证书文件路径。执行该命令后,会输出证书的相关信息,包括有效期等信息。可以根据输出结果判断证书是否过期。

[root@mcwk8s03 ~]# ls k8s/

apiserver.sh  controller-manager.sh  etcd-cert  etcd-v3.3.10-linux-amd64         k8s-cert  kubeconfig  scheduler.sh

cfssl.sh      dashboard              etcd.sh    etcd-v3.3.10-linux-amd64.tar.gz  k8sPkg    master.zip

[root@mcwk8s03 ~]# ls k8s/k8s-cert/

admin.csr       admin-key.pem  ca-config.json  ca-csr.json  ca.pem       kube-proxy.csr       kube-proxy-key.pem  server.csr       server-key.pem

admin-csr.json  admin.pem      ca.csr          ca-key.pem   k8s-cert.sh  kube-proxy-csr.json  kube-proxy.pem      server-csr.json  server.pem

[root@mcwk8s03 ~]# ls k8s/k8s-cert/admin.pem

k8s/k8s-cert/admin.pem

[root@mcwk8s03 ~]# cat k8s/k8s-cert/admin.pem

-----BEGIN CERTIFICATE-----

MIID3TCCAsWgAwIBAgIUHcAlsTUuMsxXSUMfH6vwkkrPEawwDQYJKoZIhvcNAQEL

BQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl

aWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr

dWJlcm5ldGVzMB4XDTIyMTAzMDE0MzUwMFoXDTMyMTAyNzE0MzUwMFowazELMAkG

A1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAV

BgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT

BWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZPiaixPbzol

IY2bHtP7sPcjUXJSbNanKN4qhJQGibkxZ5pwQwP3PcY1Q79Fl0LjKeQ+YvwzwWaT

MswKB7QR/PRjOOvaUygmF8qwbvijMUApvu6z3REfOPIJeu0vMmGFb5iiRwbZclcL

Ff4riyrtbs25gfo3JsF3vh5t5+4IG1fvlVf0T06dOktUBCmqmKycHOMCp1tJoV0E

tzyWnQKUPoP71aNbk1oU8f1Eg4NmFlL6UVXYQZDnIZaKJ7O2vGj3bQThWiehxC7y

wAgZuwz30iJw1I2tGmgf4i9p9lv0DQ3g6HFIadWJYgHYPRlXNAm6HO2N0WWVIYel

3ZJAKT0PaQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB

BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7V365a/fm6

+hcVuVlGyiSb4g7DMB8GA1UdIwQYMBaAFO/yGGdgmXzM94RUS8znMA8lM4WIMA0G

CSqGSIb3DQEBCwUAA4IBAQDEqAVIptH/HoE6y2YzlWhd+lmt6FVkYhJadSGpxI0N

AgGS3MS8IWrQ1xjM+nkT9FvliZFesN5FGALEOlgmBzuFsRiGKNl9gGDUdNx079Qo

AUkdf25ONxqbhx5Vy9okz46Vh2AdnswDKYZAuGXkR+KlAUt9z7ApDAphRPNwCvbQ

teV/KsJTQy35y9IEazYeQ9+8SiszDTo8puoaCuYESR9okEga2pkMHbUSPJ6rtk5H

Mj/elP/UObP8iFp4K6gwW4kAYIJvuIpQiFyv2Tm9CIKsT+wme10aQ3UR7DHvWfF1

gi9N6yywrAVAjlzdTRZ6/zRAkjxrcl3CVtqdYNb3MidC

-----END CERTIFICATE-----

[root@mcwk8s03 ~]# cfssl certinfo -cert k8s/k8s-cert/admin.pem

{

  "subject": {

    "common_name": "admin",

    "country": "CN",

    "organization": "system:masters",

    "organizational_unit": "System",

    "locality": "BeiJing",

    "province": "BeiJing",

    "names": [

      "CN",

      "BeiJing",

      "BeiJing",

      "system:masters",

      "System",

      "admin"

    ]

  },

  "issuer": {

    "common_name": "kubernetes",

    "country": "CN",

    "organization": "k8s",

    "organizational_unit": "System",

    "locality": "Beijing",

    "province": "Beijing",

    "names": [

      "CN",

      "Beijing",

      "Beijing",

      "k8s",

      "System",

      "kubernetes"

    ]

  },

  "serial_number": "169845758887256605723302231706311763439890928044",

  "not_before": "2022-10-30T14:35:00Z",

  "not_after": "2032-10-27T14:35:00Z",

  "sigalg": "SHA256WithRSA",

  "authority_key_id": "EF:F2:18:67:60:99:7C:CC:F7:84:54:4B:CC:E7:30:F:25:33:85:88",

  "subject_key_id": "EE:D5:DF:AE:5A:FD:F9:BA:FA:17:15:B9:59:46:CA:24:9B:E2:E:C3",

  "pem": "-----BEGIN CERTIFICATE-----\nMIID3TCCAsWgAwIBAgIUHcAlsTUuMsxXSUMfH6vwkkrPEawwDQYJKoZIhvcNAQEL\nBQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl\naWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr\ndWJlcm5ldGVzMB4XDTIyMTAzMDE0MzUwMFoXDTMyMTAyNzE0MzUwMFowazELMAkG\nA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAV\nBgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT\nBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZPiaixPbzol\nIY2bHtP7sPcjUXJSbNanKN4qhJQGibkxZ5pwQwP3PcY1Q79Fl0LjKeQ+YvwzwWaT\nMswKB7QR/PRjOOvaUygmF8qwbvijMUApvu6z3REfOPIJeu0vMmGFb5iiRwbZclcL\nFf4riyrtbs25gfo3JsF3vh5t5+4IG1fvlVf0T06dOktUBCmqmKycHOMCp1tJoV0E\ntzyWnQKUPoP71aNbk1oU8f1Eg4NmFlL6UVXYQZDnIZaKJ7O2vGj3bQThWiehxC7y\nwAgZuwz30iJw1I2tGmgf4i9p9lv0DQ3g6HFIadWJYgHYPRlXNAm6HO2N0WWVIYel\n3ZJAKT0PaQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\nBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7V365a/fm6\n+hcVuVlGyiSb4g7DMB8GA1UdIwQYMBaAFO/yGGdgmXzM94RUS8znMA8lM4WIMA0G\nCSqGSIb3DQEBCwUAA4IBAQDEqAVIptH/HoE6y2YzlWhd+lmt6FVkYhJadSGpxI0N\nAgGS3MS8IWrQ1xjM+nkT9FvliZFesN5FGALEOlgmBzuFsRiGKNl9gGDUdNx079Qo\nAUkdf25ONxqbhx5Vy9okz46Vh2AdnswDKYZAuGXkR+KlAUt9z7ApDAphRPNwCvbQ\nteV/KsJTQy35y9IEazYeQ9+8SiszDTo8puoaCuYESR9okEga2pkMHbUSPJ6rtk5H\nMj/elP/UObP8iFp4K6gwW4kAYIJvuIpQiFyv2Tm9CIKsT+wme10aQ3UR7DHvWfF1\ngi9N6yywrAVAjlzdTRZ6/zRAkjxrcl3CVtqdYNb3MidC\n-----END CERTIFICATE-----\n"

}

[root@mcwk8s03 ~]#

[root@mcwk8s03 ~]# cfssl certinfo -cert k8s/k8s-cert/admin.csr
{"code":1003,"message":"Failed to parse certificate"}
[root@mcwk8s03 ~]#

 

疑问:其它工具生成的证书,是否也可以用这个工具来查询到信息呢,应该是可以的吧,它跟什么生成的没关系,应该跟文件格式有关系吧。

也可以用下面命令

[root@mcwk8s03 ~]# cfssl-certinfo -cert=k8s/k8s-cert/admin.pem

{

  "subject": {

    "common_name": "admin",

    "country": "CN",

    "organization": "system:masters",

    "organizational_unit": "System",

    "locality": "BeiJing",

    "province": "BeiJing",

    "names": [

      "CN",

      "BeiJing",

      "BeiJing",

      "system:masters",

      "System",

      "admin"

    ]

  },

  "issuer": {

    "common_name": "kubernetes",

    "country": "CN",

    "organization": "k8s",

    "organizational_unit": "System",

    "locality": "Beijing",

    "province": "Beijing",

    "names": [

      "CN",

      "Beijing",

      "Beijing",

      "k8s",

      "System",

      "kubernetes"

    ]

  },

  "serial_number": "169845758887256605723302231706311763439890928044",

  "not_before": "2022-10-30T14:35:00Z",

  "not_after": "2032-10-27T14:35:00Z",

  "sigalg": "SHA256WithRSA",

  "authority_key_id": "EF:F2:18:67:60:99:7C:CC:F7:84:54:4B:CC:E7:30:F:25:33:85:88",

  "subject_key_id": "EE:D5:DF:AE:5A:FD:F9:BA:FA:17:15:B9:59:46:CA:24:9B:E2:E:C3",

  "pem": "-----BEGIN CERTIFICATE-----\nMIID3TCCAsWgAwIBAgIUHcAlsTUuMsxXSUMfH6vwkkrPEawwDQYJKoZIhvcNAQEL\nBQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl\naWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr\ndWJlcm5ldGVzMB4XDTIyMTAzMDE0MzUwMFoXDTMyMTAyNzE0MzUwMFowazELMAkG\nA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAV\nBgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT\nBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZPiaixPbzol\nIY2bHtP7sPcjUXJSbNanKN4qhJQGibkxZ5pwQwP3PcY1Q79Fl0LjKeQ+YvwzwWaT\nMswKB7QR/PRjOOvaUygmF8qwbvijMUApvu6z3REfOPIJeu0vMmGFb5iiRwbZclcL\nFf4riyrtbs25gfo3JsF3vh5t5+4IG1fvlVf0T06dOktUBCmqmKycHOMCp1tJoV0E\ntzyWnQKUPoP71aNbk1oU8f1Eg4NmFlL6UVXYQZDnIZaKJ7O2vGj3bQThWiehxC7y\nwAgZuwz30iJw1I2tGmgf4i9p9lv0DQ3g6HFIadWJYgHYPRlXNAm6HO2N0WWVIYel\n3ZJAKT0PaQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\nBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7V365a/fm6\n+hcVuVlGyiSb4g7DMB8GA1UdIwQYMBaAFO/yGGdgmXzM94RUS8znMA8lM4WIMA0G\nCSqGSIb3DQEBCwUAA4IBAQDEqAVIptH/HoE6y2YzlWhd+lmt6FVkYhJadSGpxI0N\nAgGS3MS8IWrQ1xjM+nkT9FvliZFesN5FGALEOlgmBzuFsRiGKNl9gGDUdNx079Qo\nAUkdf25ONxqbhx5Vy9okz46Vh2AdnswDKYZAuGXkR+KlAUt9z7ApDAphRPNwCvbQ\nteV/KsJTQy35y9IEazYeQ9+8SiszDTo8puoaCuYESR9okEga2pkMHbUSPJ6rtk5H\nMj/elP/UObP8iFp4K6gwW4kAYIJvuIpQiFyv2Tm9CIKsT+wme10aQ3UR7DHvWfF1\ngi9N6yywrAVAjlzdTRZ6/zRAkjxrcl3CVtqdYNb3MidC\n-----END CERTIFICATE-----\n"

}

[root@mcwk8s03 ~]#

k8s证书相关的更多相关文章

  1. 那些证书相关的玩意儿(SSL,X.509,PEM,DER,CRT,CER,KEY,CSR,P12等)

    之前没接触过证书加密的话,对证书相关的这些概念真是感觉挺棘手的,因为一下子来了一大堆新名词,看起来像是另一个领域的东西,而不是我们所熟悉的编程领域的那些东西,起码我个人感觉如此,且很长时间都没怎么搞懂 ...

  2. 那些证书相关的玩意儿(SSL,X.509,PEM,DER,CRT,CER,KEY,CSR,P12等)[zz]

    openssl dgst –sign privatekey.pem –sha1 –keyform PEM –c c:\server.pem 将文件用sha1摘要,并用privatekey.pem中的私 ...

  3. 苹果开发证书相关BLOG与Delphi IOS环境安装(超详细)

    注:有好的资源,请添加了上传,上传后,通知管理员,删除旧文件,累积相关的学习资源,方便新手学习 一.相关论坛http://www.2ccc.com/ delphi 合子 www.2pascal.com ...

  4. 网站https证书SSL证书相关

    网站https证书SSL证书相关 二级域名可以申请证书来使用,主域名申请的单域名证书,二级域名不在https加密保护内,通配符证书可以保护主域名下所有的二级子域名,二级域名等于和主域名使用的同一张证书 ...

  5. AFNetworking源码解析-https证书相关

    本篇说说安全相关的AFSecurityPolicy模块,AFSecurityPolicy用于验证HTTPS请求的证书,先来看看HTTPS的原理和证书相关的几个问题. HTTPS HTTPS连接建立过程 ...

  6. 那些证书相关的玩意儿(SSL,X.509,PEM,DER,CRT,CER,KEY,CSR,P12等)(使用OpenSSL的命令行)

    之前没接触过证书加密的话,对证书相关的这些概念真是感觉挺棘手的,因为一下子来了一大堆新名词,看起来像是另一个领域的东西,而不是我们所熟悉的编程领域的那些东西,起码我个人感觉如此,且很长时间都没怎么搞懂 ...

  7. k8s 证书反解

    k8s证书反解 1.将k8s配置文件(kubelet.kubeconfig)中client-certificate-data:内容拷贝 2.echo "client-certificate- ...

  8. kubespray续签k8s证书

    查看证书过期时期 [root@node1 ~]# openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not ...

  9. x509证书相关内容

    什么是证书 X.509证书,其核心是根据RFC 5280编码或数字签名的数字文档.    实际上,术语X.509证书通常指的是IETF的PKIX证书和X.509 v3证书标准的CRL 文件,即如RFC ...

  10. Kubernetes证书相关(CFSSL)

    CFSSL是CloudFlare开源的一款PKI/TLS工具. CFSSL 包含一个命令行工具 和一个用于 签名,验证并且捆绑TLS证书的 HTTP API 服务. 使用Go语言编写. Github ...

随机推荐

  1. 深入学习 XML 解析器及 DOM 操作技术

    所有主要的浏览器都内置了一个XML解析器,用于访问和操作XML XML 解析器 在访问XML文档之前,必须将其加载到XML DOM对象中 所有现代浏览器都有一个内置的XML解析器,可以将文本转换为XM ...

  2. 7. The Singular Value Decomposition(SVD)

    7.1 Singular values and Singular vectors The SVD separates any matrix into simple pieces. A is any m ...

  3. sql 语句系列(插入系列)[八百章之第五章]

    复制数据到另外一个表 这个不解释,只是自我整理. insert EMP_EAST (DEPTNO,DNAME,LOC) select DEPTNO,DNAME,LOC from DEPT where ...

  4. 《Effective C#》系列之(零)——概要

    把全书的内容讲述完整可能需要很长时间,我可以先回答主要目录和核心的内容.如果您有任何特定问题或需要更详细的解释,请告诉我. <Effective C#>一书共包含50条C#编程建议,以下是 ...

  5. -source 1.5 中不支持 diamond 运算符(中文版idea)

    -source 1.5 中不支持 diamond 运算符(中文版idea) 将idea中的各个部分的jdk设为8即可,中文版的如下 1.文件-设置 2.项目上右击-打开模块设置 模块中每一个都要确认是 ...

  6. 第壹課-Install:Mirth Connect在Win10下的安装步骤

    1.安装JDK,推荐安装JDK8 64位,版本jdk-8u201-windows-x64.exe. 安装JDK后,同时必须配置win10的系统环境变量[示例如下]: JAVA_HOME : F:\Ja ...

  7. 力扣220(java)-存在重复元素 III(困难)

    题目: 给你一个整数数组 nums 和两个整数 k 和 t .请你判断是否存在 两个不同下标 i 和 j,使得 abs(nums[i] - nums[j]) <= t ,同时又满足 abs(i ...

  8. 快手基于 Flink 的持续优化与实践

    简介: 快手基于 Flink 的持续优化与实践的介绍. 一.Flink 稳定性持续优化 第一部分是 Flink 稳定性的持续优化.该部分包括两个方面,第一个方面,主要介绍快手在 Flink Kafka ...

  9. 评审恩仇录——IDE也能做代码评审?

    简介: 云效Codeup推出了本地IDE插件端的评审,免除了黄药师来回华山的奔波之苦 现代科技公司的同事们平日一起交流开发规约和产品需求,肩上共同扛着业务发展和同行竞争的压力,这份还书贻剑的情谊如何能 ...

  10. 几种Java常用序列化框架的选型与对比

    简介: 序列化与反序列化是我们日常数据持久化和网络传输中经常使用的技术,但是目前各种序列化框架让人眼花缭乱,不清楚什么场景到底采用哪种序列化框架.本文会将业界开源的序列化框架进行对比测试,分别从通用性 ...