1、cfssl 字签证书

查看证书

可以使用以下命令查询CFSSL证书是否过期:

复制代码
  cfssl certinfo -cert <certificate_file>

其中,<certificate_file>为证书文件路径。执行该命令后,会输出证书的相关信息,包括有效期等信息。可以根据输出结果判断证书是否过期。

[root@mcwk8s03 ~]# ls k8s/

apiserver.sh  controller-manager.sh  etcd-cert  etcd-v3.3.10-linux-amd64         k8s-cert  kubeconfig  scheduler.sh

cfssl.sh      dashboard              etcd.sh    etcd-v3.3.10-linux-amd64.tar.gz  k8sPkg    master.zip

[root@mcwk8s03 ~]# ls k8s/k8s-cert/

admin.csr       admin-key.pem  ca-config.json  ca-csr.json  ca.pem       kube-proxy.csr       kube-proxy-key.pem  server.csr       server-key.pem

admin-csr.json  admin.pem      ca.csr          ca-key.pem   k8s-cert.sh  kube-proxy-csr.json  kube-proxy.pem      server-csr.json  server.pem

[root@mcwk8s03 ~]# ls k8s/k8s-cert/admin.pem

k8s/k8s-cert/admin.pem

[root@mcwk8s03 ~]# cat k8s/k8s-cert/admin.pem

-----BEGIN CERTIFICATE-----

MIID3TCCAsWgAwIBAgIUHcAlsTUuMsxXSUMfH6vwkkrPEawwDQYJKoZIhvcNAQEL

BQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl

aWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr

dWJlcm5ldGVzMB4XDTIyMTAzMDE0MzUwMFoXDTMyMTAyNzE0MzUwMFowazELMAkG

A1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAV

BgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT

BWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZPiaixPbzol

IY2bHtP7sPcjUXJSbNanKN4qhJQGibkxZ5pwQwP3PcY1Q79Fl0LjKeQ+YvwzwWaT

MswKB7QR/PRjOOvaUygmF8qwbvijMUApvu6z3REfOPIJeu0vMmGFb5iiRwbZclcL

Ff4riyrtbs25gfo3JsF3vh5t5+4IG1fvlVf0T06dOktUBCmqmKycHOMCp1tJoV0E

tzyWnQKUPoP71aNbk1oU8f1Eg4NmFlL6UVXYQZDnIZaKJ7O2vGj3bQThWiehxC7y

wAgZuwz30iJw1I2tGmgf4i9p9lv0DQ3g6HFIadWJYgHYPRlXNAm6HO2N0WWVIYel

3ZJAKT0PaQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB

BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7V365a/fm6

+hcVuVlGyiSb4g7DMB8GA1UdIwQYMBaAFO/yGGdgmXzM94RUS8znMA8lM4WIMA0G

CSqGSIb3DQEBCwUAA4IBAQDEqAVIptH/HoE6y2YzlWhd+lmt6FVkYhJadSGpxI0N

AgGS3MS8IWrQ1xjM+nkT9FvliZFesN5FGALEOlgmBzuFsRiGKNl9gGDUdNx079Qo

AUkdf25ONxqbhx5Vy9okz46Vh2AdnswDKYZAuGXkR+KlAUt9z7ApDAphRPNwCvbQ

teV/KsJTQy35y9IEazYeQ9+8SiszDTo8puoaCuYESR9okEga2pkMHbUSPJ6rtk5H

Mj/elP/UObP8iFp4K6gwW4kAYIJvuIpQiFyv2Tm9CIKsT+wme10aQ3UR7DHvWfF1

gi9N6yywrAVAjlzdTRZ6/zRAkjxrcl3CVtqdYNb3MidC

-----END CERTIFICATE-----

[root@mcwk8s03 ~]# cfssl certinfo -cert k8s/k8s-cert/admin.pem

{

  "subject": {

    "common_name": "admin",

    "country": "CN",

    "organization": "system:masters",

    "organizational_unit": "System",

    "locality": "BeiJing",

    "province": "BeiJing",

    "names": [

      "CN",

      "BeiJing",

      "BeiJing",

      "system:masters",

      "System",

      "admin"

    ]

  },

  "issuer": {

    "common_name": "kubernetes",

    "country": "CN",

    "organization": "k8s",

    "organizational_unit": "System",

    "locality": "Beijing",

    "province": "Beijing",

    "names": [

      "CN",

      "Beijing",

      "Beijing",

      "k8s",

      "System",

      "kubernetes"

    ]

  },

  "serial_number": "169845758887256605723302231706311763439890928044",

  "not_before": "2022-10-30T14:35:00Z",

  "not_after": "2032-10-27T14:35:00Z",

  "sigalg": "SHA256WithRSA",

  "authority_key_id": "EF:F2:18:67:60:99:7C:CC:F7:84:54:4B:CC:E7:30:F:25:33:85:88",

  "subject_key_id": "EE:D5:DF:AE:5A:FD:F9:BA:FA:17:15:B9:59:46:CA:24:9B:E2:E:C3",

  "pem": "-----BEGIN CERTIFICATE-----\nMIID3TCCAsWgAwIBAgIUHcAlsTUuMsxXSUMfH6vwkkrPEawwDQYJKoZIhvcNAQEL\nBQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl\naWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr\ndWJlcm5ldGVzMB4XDTIyMTAzMDE0MzUwMFoXDTMyMTAyNzE0MzUwMFowazELMAkG\nA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAV\nBgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT\nBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZPiaixPbzol\nIY2bHtP7sPcjUXJSbNanKN4qhJQGibkxZ5pwQwP3PcY1Q79Fl0LjKeQ+YvwzwWaT\nMswKB7QR/PRjOOvaUygmF8qwbvijMUApvu6z3REfOPIJeu0vMmGFb5iiRwbZclcL\nFf4riyrtbs25gfo3JsF3vh5t5+4IG1fvlVf0T06dOktUBCmqmKycHOMCp1tJoV0E\ntzyWnQKUPoP71aNbk1oU8f1Eg4NmFlL6UVXYQZDnIZaKJ7O2vGj3bQThWiehxC7y\nwAgZuwz30iJw1I2tGmgf4i9p9lv0DQ3g6HFIadWJYgHYPRlXNAm6HO2N0WWVIYel\n3ZJAKT0PaQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\nBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7V365a/fm6\n+hcVuVlGyiSb4g7DMB8GA1UdIwQYMBaAFO/yGGdgmXzM94RUS8znMA8lM4WIMA0G\nCSqGSIb3DQEBCwUAA4IBAQDEqAVIptH/HoE6y2YzlWhd+lmt6FVkYhJadSGpxI0N\nAgGS3MS8IWrQ1xjM+nkT9FvliZFesN5FGALEOlgmBzuFsRiGKNl9gGDUdNx079Qo\nAUkdf25ONxqbhx5Vy9okz46Vh2AdnswDKYZAuGXkR+KlAUt9z7ApDAphRPNwCvbQ\nteV/KsJTQy35y9IEazYeQ9+8SiszDTo8puoaCuYESR9okEga2pkMHbUSPJ6rtk5H\nMj/elP/UObP8iFp4K6gwW4kAYIJvuIpQiFyv2Tm9CIKsT+wme10aQ3UR7DHvWfF1\ngi9N6yywrAVAjlzdTRZ6/zRAkjxrcl3CVtqdYNb3MidC\n-----END CERTIFICATE-----\n"

}

[root@mcwk8s03 ~]#

[root@mcwk8s03 ~]# cfssl certinfo -cert k8s/k8s-cert/admin.csr
{"code":1003,"message":"Failed to parse certificate"}
[root@mcwk8s03 ~]#

 

疑问:其它工具生成的证书,是否也可以用这个工具来查询到信息呢,应该是可以的吧,它跟什么生成的没关系,应该跟文件格式有关系吧。

也可以用下面命令

[root@mcwk8s03 ~]# cfssl-certinfo -cert=k8s/k8s-cert/admin.pem

{

  "subject": {

    "common_name": "admin",

    "country": "CN",

    "organization": "system:masters",

    "organizational_unit": "System",

    "locality": "BeiJing",

    "province": "BeiJing",

    "names": [

      "CN",

      "BeiJing",

      "BeiJing",

      "system:masters",

      "System",

      "admin"

    ]

  },

  "issuer": {

    "common_name": "kubernetes",

    "country": "CN",

    "organization": "k8s",

    "organizational_unit": "System",

    "locality": "Beijing",

    "province": "Beijing",

    "names": [

      "CN",

      "Beijing",

      "Beijing",

      "k8s",

      "System",

      "kubernetes"

    ]

  },

  "serial_number": "169845758887256605723302231706311763439890928044",

  "not_before": "2022-10-30T14:35:00Z",

  "not_after": "2032-10-27T14:35:00Z",

  "sigalg": "SHA256WithRSA",

  "authority_key_id": "EF:F2:18:67:60:99:7C:CC:F7:84:54:4B:CC:E7:30:F:25:33:85:88",

  "subject_key_id": "EE:D5:DF:AE:5A:FD:F9:BA:FA:17:15:B9:59:46:CA:24:9B:E2:E:C3",

  "pem": "-----BEGIN CERTIFICATE-----\nMIID3TCCAsWgAwIBAgIUHcAlsTUuMsxXSUMfH6vwkkrPEawwDQYJKoZIhvcNAQEL\nBQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl\naWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr\ndWJlcm5ldGVzMB4XDTIyMTAzMDE0MzUwMFoXDTMyMTAyNzE0MzUwMFowazELMAkG\nA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAV\nBgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT\nBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZPiaixPbzol\nIY2bHtP7sPcjUXJSbNanKN4qhJQGibkxZ5pwQwP3PcY1Q79Fl0LjKeQ+YvwzwWaT\nMswKB7QR/PRjOOvaUygmF8qwbvijMUApvu6z3REfOPIJeu0vMmGFb5iiRwbZclcL\nFf4riyrtbs25gfo3JsF3vh5t5+4IG1fvlVf0T06dOktUBCmqmKycHOMCp1tJoV0E\ntzyWnQKUPoP71aNbk1oU8f1Eg4NmFlL6UVXYQZDnIZaKJ7O2vGj3bQThWiehxC7y\nwAgZuwz30iJw1I2tGmgf4i9p9lv0DQ3g6HFIadWJYgHYPRlXNAm6HO2N0WWVIYel\n3ZJAKT0PaQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\nBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7V365a/fm6\n+hcVuVlGyiSb4g7DMB8GA1UdIwQYMBaAFO/yGGdgmXzM94RUS8znMA8lM4WIMA0G\nCSqGSIb3DQEBCwUAA4IBAQDEqAVIptH/HoE6y2YzlWhd+lmt6FVkYhJadSGpxI0N\nAgGS3MS8IWrQ1xjM+nkT9FvliZFesN5FGALEOlgmBzuFsRiGKNl9gGDUdNx079Qo\nAUkdf25ONxqbhx5Vy9okz46Vh2AdnswDKYZAuGXkR+KlAUt9z7ApDAphRPNwCvbQ\nteV/KsJTQy35y9IEazYeQ9+8SiszDTo8puoaCuYESR9okEga2pkMHbUSPJ6rtk5H\nMj/elP/UObP8iFp4K6gwW4kAYIJvuIpQiFyv2Tm9CIKsT+wme10aQ3UR7DHvWfF1\ngi9N6yywrAVAjlzdTRZ6/zRAkjxrcl3CVtqdYNb3MidC\n-----END CERTIFICATE-----\n"

}

[root@mcwk8s03 ~]#

k8s证书相关的更多相关文章

  1. 那些证书相关的玩意儿(SSL,X.509,PEM,DER,CRT,CER,KEY,CSR,P12等)

    之前没接触过证书加密的话,对证书相关的这些概念真是感觉挺棘手的,因为一下子来了一大堆新名词,看起来像是另一个领域的东西,而不是我们所熟悉的编程领域的那些东西,起码我个人感觉如此,且很长时间都没怎么搞懂 ...

  2. 那些证书相关的玩意儿(SSL,X.509,PEM,DER,CRT,CER,KEY,CSR,P12等)[zz]

    openssl dgst –sign privatekey.pem –sha1 –keyform PEM –c c:\server.pem 将文件用sha1摘要,并用privatekey.pem中的私 ...

  3. 苹果开发证书相关BLOG与Delphi IOS环境安装(超详细)

    注:有好的资源,请添加了上传,上传后,通知管理员,删除旧文件,累积相关的学习资源,方便新手学习 一.相关论坛http://www.2ccc.com/ delphi 合子 www.2pascal.com ...

  4. 网站https证书SSL证书相关

    网站https证书SSL证书相关 二级域名可以申请证书来使用,主域名申请的单域名证书,二级域名不在https加密保护内,通配符证书可以保护主域名下所有的二级子域名,二级域名等于和主域名使用的同一张证书 ...

  5. AFNetworking源码解析-https证书相关

    本篇说说安全相关的AFSecurityPolicy模块,AFSecurityPolicy用于验证HTTPS请求的证书,先来看看HTTPS的原理和证书相关的几个问题. HTTPS HTTPS连接建立过程 ...

  6. 那些证书相关的玩意儿(SSL,X.509,PEM,DER,CRT,CER,KEY,CSR,P12等)(使用OpenSSL的命令行)

    之前没接触过证书加密的话,对证书相关的这些概念真是感觉挺棘手的,因为一下子来了一大堆新名词,看起来像是另一个领域的东西,而不是我们所熟悉的编程领域的那些东西,起码我个人感觉如此,且很长时间都没怎么搞懂 ...

  7. k8s 证书反解

    k8s证书反解 1.将k8s配置文件(kubelet.kubeconfig)中client-certificate-data:内容拷贝 2.echo "client-certificate- ...

  8. kubespray续签k8s证书

    查看证书过期时期 [root@node1 ~]# openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not ...

  9. x509证书相关内容

    什么是证书 X.509证书,其核心是根据RFC 5280编码或数字签名的数字文档.    实际上,术语X.509证书通常指的是IETF的PKIX证书和X.509 v3证书标准的CRL 文件,即如RFC ...

  10. Kubernetes证书相关(CFSSL)

    CFSSL是CloudFlare开源的一款PKI/TLS工具. CFSSL 包含一个命令行工具 和一个用于 签名,验证并且捆绑TLS证书的 HTTP API 服务. 使用Go语言编写. Github ...

随机推荐

  1. 巴延兴:从主导多个SIG组到OpenHarmony“代码贡献之星”,我是如何做到的?

    编者按:在 OpenHarmony 生态发展过程中,涌现了大批优秀的代码贡献者,本专题旨在表彰贡献.分享经验,文中内容来自嘉宾访谈,不代表 OpenHarmony 工作委员会观点. 巴延兴 深圳开鸿数 ...

  2. Python拷贝、移动、重命名、删除文件和文件夹----shutil

    拷贝 # 拷贝文件import shutil # 语法: shutil.copy(src, dst) '''示例 将 a 文件夹中的 a.txt 拷贝到 b 文件夹 ''' shutil.copy(' ...

  3. UML 哲学之道——启航篇[一]

    前言 简单去介绍一下uml的哲学之道也是自我整理之道. 正文 什么是uml,全程是统一建模语言(unified modeling language),简单的说就是用图形来表示文档. 是描述构造和文档化 ...

  4. docker 应用篇————docker原理[三]

    前文 前面就已经介绍了docker的安装,在https://www.cnblogs.com/aoximin/p/12906218.html,这里面,这里作为重新整理. 那么这里就不介绍了,这里直接是进 ...

  5. OS如何保持对计算机的控制权?

    前面我们提到:OS希望在保持控制权的同时,为用户提供高性能的并发. 那么OS究竟是如何保持对计算机的控制权呢?这似乎是一个令人迷惑(但很重要!)的问题:OS也是进程,自然也需要计算资源.那既然我们希望 ...

  6. 力扣119(java)-杨辉三角Ⅱ(简单)

    题目: 给定一个非负索引 rowIndex,返回「杨辉三角」的第 rowIndex 行. 在「杨辉三角」中,每个数是它左上方和右上方的数的和. 示例 1: 输入: rowIndex = 3输出: [1 ...

  7. opensips开启python支持

    操作系统 :CentOS 7.6_x64   opensips版本: 2.4.9   python版本:2.7.5 python作为脚本语言,使用起来很方便,查了下opensips的文档,支持使用py ...

  8. 汽车之家基于 Flink 的数据传输平台的设计与实践

    简介: 数据接入与传输作为打通数据系统与业务系统的一道桥梁,是数据系统与架构中不可或缺的一个重要部分.数据传输系统稳定性和准确性,直接影响整个数据系统服务的 SLA 和质量.此外如何提升系统的易用性, ...

  9. KubeVela 上手(1)|让云端应用交付更加丝滑

    简介: KubeVela 是阿里云和微软共同发起的 OAM(Open Application Model)标准的技术实现,旨在打造统一.标准.跨环境的云端应用交付,省时省力,轻松简单 作者|KubeV ...

  10. Resin反序列化链分析

    前言 Resin是一个轻量级的.高性能的开源Java应用服务器.它是由Caucho Technology开发的,旨在提供可靠的Web应用程序和服务的运行环境.和Tomcat一样是个服务器,它和hess ...