1、cfssl 字签证书

查看证书

可以使用以下命令查询CFSSL证书是否过期:

复制代码
  cfssl certinfo -cert <certificate_file>

其中,<certificate_file>为证书文件路径。执行该命令后,会输出证书的相关信息,包括有效期等信息。可以根据输出结果判断证书是否过期。

[root@mcwk8s03 ~]# ls k8s/

apiserver.sh  controller-manager.sh  etcd-cert  etcd-v3.3.10-linux-amd64         k8s-cert  kubeconfig  scheduler.sh

cfssl.sh      dashboard              etcd.sh    etcd-v3.3.10-linux-amd64.tar.gz  k8sPkg    master.zip

[root@mcwk8s03 ~]# ls k8s/k8s-cert/

admin.csr       admin-key.pem  ca-config.json  ca-csr.json  ca.pem       kube-proxy.csr       kube-proxy-key.pem  server.csr       server-key.pem

admin-csr.json  admin.pem      ca.csr          ca-key.pem   k8s-cert.sh  kube-proxy-csr.json  kube-proxy.pem      server-csr.json  server.pem

[root@mcwk8s03 ~]# ls k8s/k8s-cert/admin.pem

k8s/k8s-cert/admin.pem

[root@mcwk8s03 ~]# cat k8s/k8s-cert/admin.pem

-----BEGIN CERTIFICATE-----

MIID3TCCAsWgAwIBAgIUHcAlsTUuMsxXSUMfH6vwkkrPEawwDQYJKoZIhvcNAQEL

BQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl

aWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr

dWJlcm5ldGVzMB4XDTIyMTAzMDE0MzUwMFoXDTMyMTAyNzE0MzUwMFowazELMAkG

A1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAV

BgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT

BWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZPiaixPbzol

IY2bHtP7sPcjUXJSbNanKN4qhJQGibkxZ5pwQwP3PcY1Q79Fl0LjKeQ+YvwzwWaT

MswKB7QR/PRjOOvaUygmF8qwbvijMUApvu6z3REfOPIJeu0vMmGFb5iiRwbZclcL

Ff4riyrtbs25gfo3JsF3vh5t5+4IG1fvlVf0T06dOktUBCmqmKycHOMCp1tJoV0E

tzyWnQKUPoP71aNbk1oU8f1Eg4NmFlL6UVXYQZDnIZaKJ7O2vGj3bQThWiehxC7y

wAgZuwz30iJw1I2tGmgf4i9p9lv0DQ3g6HFIadWJYgHYPRlXNAm6HO2N0WWVIYel

3ZJAKT0PaQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB

BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7V365a/fm6

+hcVuVlGyiSb4g7DMB8GA1UdIwQYMBaAFO/yGGdgmXzM94RUS8znMA8lM4WIMA0G

CSqGSIb3DQEBCwUAA4IBAQDEqAVIptH/HoE6y2YzlWhd+lmt6FVkYhJadSGpxI0N

AgGS3MS8IWrQ1xjM+nkT9FvliZFesN5FGALEOlgmBzuFsRiGKNl9gGDUdNx079Qo

AUkdf25ONxqbhx5Vy9okz46Vh2AdnswDKYZAuGXkR+KlAUt9z7ApDAphRPNwCvbQ

teV/KsJTQy35y9IEazYeQ9+8SiszDTo8puoaCuYESR9okEga2pkMHbUSPJ6rtk5H

Mj/elP/UObP8iFp4K6gwW4kAYIJvuIpQiFyv2Tm9CIKsT+wme10aQ3UR7DHvWfF1

gi9N6yywrAVAjlzdTRZ6/zRAkjxrcl3CVtqdYNb3MidC

-----END CERTIFICATE-----

[root@mcwk8s03 ~]# cfssl certinfo -cert k8s/k8s-cert/admin.pem

{

  "subject": {

    "common_name": "admin",

    "country": "CN",

    "organization": "system:masters",

    "organizational_unit": "System",

    "locality": "BeiJing",

    "province": "BeiJing",

    "names": [

      "CN",

      "BeiJing",

      "BeiJing",

      "system:masters",

      "System",

      "admin"

    ]

  },

  "issuer": {

    "common_name": "kubernetes",

    "country": "CN",

    "organization": "k8s",

    "organizational_unit": "System",

    "locality": "Beijing",

    "province": "Beijing",

    "names": [

      "CN",

      "Beijing",

      "Beijing",

      "k8s",

      "System",

      "kubernetes"

    ]

  },

  "serial_number": "169845758887256605723302231706311763439890928044",

  "not_before": "2022-10-30T14:35:00Z",

  "not_after": "2032-10-27T14:35:00Z",

  "sigalg": "SHA256WithRSA",

  "authority_key_id": "EF:F2:18:67:60:99:7C:CC:F7:84:54:4B:CC:E7:30:F:25:33:85:88",

  "subject_key_id": "EE:D5:DF:AE:5A:FD:F9:BA:FA:17:15:B9:59:46:CA:24:9B:E2:E:C3",

  "pem": "-----BEGIN CERTIFICATE-----\nMIID3TCCAsWgAwIBAgIUHcAlsTUuMsxXSUMfH6vwkkrPEawwDQYJKoZIhvcNAQEL\nBQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl\naWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr\ndWJlcm5ldGVzMB4XDTIyMTAzMDE0MzUwMFoXDTMyMTAyNzE0MzUwMFowazELMAkG\nA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAV\nBgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT\nBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZPiaixPbzol\nIY2bHtP7sPcjUXJSbNanKN4qhJQGibkxZ5pwQwP3PcY1Q79Fl0LjKeQ+YvwzwWaT\nMswKB7QR/PRjOOvaUygmF8qwbvijMUApvu6z3REfOPIJeu0vMmGFb5iiRwbZclcL\nFf4riyrtbs25gfo3JsF3vh5t5+4IG1fvlVf0T06dOktUBCmqmKycHOMCp1tJoV0E\ntzyWnQKUPoP71aNbk1oU8f1Eg4NmFlL6UVXYQZDnIZaKJ7O2vGj3bQThWiehxC7y\nwAgZuwz30iJw1I2tGmgf4i9p9lv0DQ3g6HFIadWJYgHYPRlXNAm6HO2N0WWVIYel\n3ZJAKT0PaQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\nBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7V365a/fm6\n+hcVuVlGyiSb4g7DMB8GA1UdIwQYMBaAFO/yGGdgmXzM94RUS8znMA8lM4WIMA0G\nCSqGSIb3DQEBCwUAA4IBAQDEqAVIptH/HoE6y2YzlWhd+lmt6FVkYhJadSGpxI0N\nAgGS3MS8IWrQ1xjM+nkT9FvliZFesN5FGALEOlgmBzuFsRiGKNl9gGDUdNx079Qo\nAUkdf25ONxqbhx5Vy9okz46Vh2AdnswDKYZAuGXkR+KlAUt9z7ApDAphRPNwCvbQ\nteV/KsJTQy35y9IEazYeQ9+8SiszDTo8puoaCuYESR9okEga2pkMHbUSPJ6rtk5H\nMj/elP/UObP8iFp4K6gwW4kAYIJvuIpQiFyv2Tm9CIKsT+wme10aQ3UR7DHvWfF1\ngi9N6yywrAVAjlzdTRZ6/zRAkjxrcl3CVtqdYNb3MidC\n-----END CERTIFICATE-----\n"

}

[root@mcwk8s03 ~]#

[root@mcwk8s03 ~]# cfssl certinfo -cert k8s/k8s-cert/admin.csr
{"code":1003,"message":"Failed to parse certificate"}
[root@mcwk8s03 ~]#

 

疑问:其它工具生成的证书,是否也可以用这个工具来查询到信息呢,应该是可以的吧,它跟什么生成的没关系,应该跟文件格式有关系吧。

也可以用下面命令

[root@mcwk8s03 ~]# cfssl-certinfo -cert=k8s/k8s-cert/admin.pem

{

  "subject": {

    "common_name": "admin",

    "country": "CN",

    "organization": "system:masters",

    "organizational_unit": "System",

    "locality": "BeiJing",

    "province": "BeiJing",

    "names": [

      "CN",

      "BeiJing",

      "BeiJing",

      "system:masters",

      "System",

      "admin"

    ]

  },

  "issuer": {

    "common_name": "kubernetes",

    "country": "CN",

    "organization": "k8s",

    "organizational_unit": "System",

    "locality": "Beijing",

    "province": "Beijing",

    "names": [

      "CN",

      "Beijing",

      "Beijing",

      "k8s",

      "System",

      "kubernetes"

    ]

  },

  "serial_number": "169845758887256605723302231706311763439890928044",

  "not_before": "2022-10-30T14:35:00Z",

  "not_after": "2032-10-27T14:35:00Z",

  "sigalg": "SHA256WithRSA",

  "authority_key_id": "EF:F2:18:67:60:99:7C:CC:F7:84:54:4B:CC:E7:30:F:25:33:85:88",

  "subject_key_id": "EE:D5:DF:AE:5A:FD:F9:BA:FA:17:15:B9:59:46:CA:24:9B:E2:E:C3",

  "pem": "-----BEGIN CERTIFICATE-----\nMIID3TCCAsWgAwIBAgIUHcAlsTUuMsxXSUMfH6vwkkrPEawwDQYJKoZIhvcNAQEL\nBQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl\naWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr\ndWJlcm5ldGVzMB4XDTIyMTAzMDE0MzUwMFoXDTMyMTAyNzE0MzUwMFowazELMAkG\nA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAV\nBgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT\nBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZPiaixPbzol\nIY2bHtP7sPcjUXJSbNanKN4qhJQGibkxZ5pwQwP3PcY1Q79Fl0LjKeQ+YvwzwWaT\nMswKB7QR/PRjOOvaUygmF8qwbvijMUApvu6z3REfOPIJeu0vMmGFb5iiRwbZclcL\nFf4riyrtbs25gfo3JsF3vh5t5+4IG1fvlVf0T06dOktUBCmqmKycHOMCp1tJoV0E\ntzyWnQKUPoP71aNbk1oU8f1Eg4NmFlL6UVXYQZDnIZaKJ7O2vGj3bQThWiehxC7y\nwAgZuwz30iJw1I2tGmgf4i9p9lv0DQ3g6HFIadWJYgHYPRlXNAm6HO2N0WWVIYel\n3ZJAKT0PaQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\nBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7V365a/fm6\n+hcVuVlGyiSb4g7DMB8GA1UdIwQYMBaAFO/yGGdgmXzM94RUS8znMA8lM4WIMA0G\nCSqGSIb3DQEBCwUAA4IBAQDEqAVIptH/HoE6y2YzlWhd+lmt6FVkYhJadSGpxI0N\nAgGS3MS8IWrQ1xjM+nkT9FvliZFesN5FGALEOlgmBzuFsRiGKNl9gGDUdNx079Qo\nAUkdf25ONxqbhx5Vy9okz46Vh2AdnswDKYZAuGXkR+KlAUt9z7ApDAphRPNwCvbQ\nteV/KsJTQy35y9IEazYeQ9+8SiszDTo8puoaCuYESR9okEga2pkMHbUSPJ6rtk5H\nMj/elP/UObP8iFp4K6gwW4kAYIJvuIpQiFyv2Tm9CIKsT+wme10aQ3UR7DHvWfF1\ngi9N6yywrAVAjlzdTRZ6/zRAkjxrcl3CVtqdYNb3MidC\n-----END CERTIFICATE-----\n"

}

[root@mcwk8s03 ~]#

k8s证书相关的更多相关文章

  1. 那些证书相关的玩意儿(SSL,X.509,PEM,DER,CRT,CER,KEY,CSR,P12等)

    之前没接触过证书加密的话,对证书相关的这些概念真是感觉挺棘手的,因为一下子来了一大堆新名词,看起来像是另一个领域的东西,而不是我们所熟悉的编程领域的那些东西,起码我个人感觉如此,且很长时间都没怎么搞懂 ...

  2. 那些证书相关的玩意儿(SSL,X.509,PEM,DER,CRT,CER,KEY,CSR,P12等)[zz]

    openssl dgst –sign privatekey.pem –sha1 –keyform PEM –c c:\server.pem 将文件用sha1摘要,并用privatekey.pem中的私 ...

  3. 苹果开发证书相关BLOG与Delphi IOS环境安装(超详细)

    注:有好的资源,请添加了上传,上传后,通知管理员,删除旧文件,累积相关的学习资源,方便新手学习 一.相关论坛http://www.2ccc.com/ delphi 合子 www.2pascal.com ...

  4. 网站https证书SSL证书相关

    网站https证书SSL证书相关 二级域名可以申请证书来使用,主域名申请的单域名证书,二级域名不在https加密保护内,通配符证书可以保护主域名下所有的二级子域名,二级域名等于和主域名使用的同一张证书 ...

  5. AFNetworking源码解析-https证书相关

    本篇说说安全相关的AFSecurityPolicy模块,AFSecurityPolicy用于验证HTTPS请求的证书,先来看看HTTPS的原理和证书相关的几个问题. HTTPS HTTPS连接建立过程 ...

  6. 那些证书相关的玩意儿(SSL,X.509,PEM,DER,CRT,CER,KEY,CSR,P12等)(使用OpenSSL的命令行)

    之前没接触过证书加密的话,对证书相关的这些概念真是感觉挺棘手的,因为一下子来了一大堆新名词,看起来像是另一个领域的东西,而不是我们所熟悉的编程领域的那些东西,起码我个人感觉如此,且很长时间都没怎么搞懂 ...

  7. k8s 证书反解

    k8s证书反解 1.将k8s配置文件(kubelet.kubeconfig)中client-certificate-data:内容拷贝 2.echo "client-certificate- ...

  8. kubespray续签k8s证书

    查看证书过期时期 [root@node1 ~]# openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not ...

  9. x509证书相关内容

    什么是证书 X.509证书,其核心是根据RFC 5280编码或数字签名的数字文档.    实际上,术语X.509证书通常指的是IETF的PKIX证书和X.509 v3证书标准的CRL 文件,即如RFC ...

  10. Kubernetes证书相关(CFSSL)

    CFSSL是CloudFlare开源的一款PKI/TLS工具. CFSSL 包含一个命令行工具 和一个用于 签名,验证并且捆绑TLS证书的 HTTP API 服务. 使用Go语言编写. Github ...

随机推荐

  1. C# Replace方法

    例子: string tStw = "Run Status"; string tStw1 = tStw.Replace("Run Status", " ...

  2. Aspose.Cells使用总结大全

    引用:https://blog.csdn.net/u011555996/article/details/79000270 使用到 Aspose.Cells 插件,整理一下. 一:新建解决方案,目录如下 ...

  3. 开发指导—利用组件&插值器动画实现HarmonyOS动效

    一. 组件动画 在组件上创建和运行动画的快捷方式.具体用法请参考通用方法. 获取动画对象 通过调用animate方法获得animation对象,animation对象支持动画属性.动画方法和动画事件. ...

  4. Leetcode-最小覆盖子串

    题目描述 给你一个字符串 s .一个字符串 t .返回 s 中涵盖 t 所有字符的最小子串.如果 s 中不存在涵盖 t 所有字符的子串,则返回空字符串 "" . 注意:如果 s 中 ...

  5. redis 简单整理——哨兵部署业务图[二十九]

    前言 简单介绍一下哨兵的部署业务图,非部署步骤. 正文 看一下部署的拓扑图: 然后这里用docker 来部署一下哨兵模式. 搭建一主二从. version: '3.7' services: maste ...

  6. 批处理 if的知识点

    正文 批处理的if不同于我们在一些常规语言中的if,比如说c或者c# 或者 java等. 如果我们判断两个字符是否相等,我们使用 'a'=='a' 来判断. 但是如果是不相等却不能这样. gtr 大于 ...

  7. React 逃离闭包陷阱

    众所周知,JavaScript 中的闭包(Closures)一定是这种语言最可怕的特性之一,即使是无所不知的 ChatGPT 也是这样说的.另外它可能也是最隐蔽的语言特性之一,我们在编写 React  ...

  8. Oracle SQL 创建一个简单的存储过程procedure

    Oracle 简单的创建一个存储过程procedure 如果学过别的语言,例如java,c这些,那么其实很好理解,其实就是面向数据库的操作 简单的例子如下: --创建或者重写存储过程 create o ...

  9. MaxCompute管家详解--管家助力,轻松玩转MaxCompute

    精彩视频回顾请点击:MaxCompute管家详解以下是直播内容精华整理,主要包括以下四个方面:1.背景速览:2.功能介绍:3.案例讲解:4.新功能预告. 一.背景速览 MaxCompute(原ODPS ...

  10. EDAS 4.0 助力企业一站式实现微服务架构转型与 K8s 容器化升级

    ​简介: EDAS 正式来到 4.0 时代,发布多项重磅新能力:同时联合新产品-云原生应用设计开发平台 ADD 1.0,一起发布云原生应用研发&运维 PaaS 产品家族,助力企业应用架构现代化 ...