1、cfssl 字签证书

查看证书

可以使用以下命令查询CFSSL证书是否过期:

复制代码
  cfssl certinfo -cert <certificate_file>

其中,<certificate_file>为证书文件路径。执行该命令后,会输出证书的相关信息,包括有效期等信息。可以根据输出结果判断证书是否过期。

[root@mcwk8s03 ~]# ls k8s/

apiserver.sh  controller-manager.sh  etcd-cert  etcd-v3.3.10-linux-amd64         k8s-cert  kubeconfig  scheduler.sh

cfssl.sh      dashboard              etcd.sh    etcd-v3.3.10-linux-amd64.tar.gz  k8sPkg    master.zip

[root@mcwk8s03 ~]# ls k8s/k8s-cert/

admin.csr       admin-key.pem  ca-config.json  ca-csr.json  ca.pem       kube-proxy.csr       kube-proxy-key.pem  server.csr       server-key.pem

admin-csr.json  admin.pem      ca.csr          ca-key.pem   k8s-cert.sh  kube-proxy-csr.json  kube-proxy.pem      server-csr.json  server.pem

[root@mcwk8s03 ~]# ls k8s/k8s-cert/admin.pem

k8s/k8s-cert/admin.pem

[root@mcwk8s03 ~]# cat k8s/k8s-cert/admin.pem

-----BEGIN CERTIFICATE-----

MIID3TCCAsWgAwIBAgIUHcAlsTUuMsxXSUMfH6vwkkrPEawwDQYJKoZIhvcNAQEL

BQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl

aWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr

dWJlcm5ldGVzMB4XDTIyMTAzMDE0MzUwMFoXDTMyMTAyNzE0MzUwMFowazELMAkG

A1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAV

BgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT

BWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZPiaixPbzol

IY2bHtP7sPcjUXJSbNanKN4qhJQGibkxZ5pwQwP3PcY1Q79Fl0LjKeQ+YvwzwWaT

MswKB7QR/PRjOOvaUygmF8qwbvijMUApvu6z3REfOPIJeu0vMmGFb5iiRwbZclcL

Ff4riyrtbs25gfo3JsF3vh5t5+4IG1fvlVf0T06dOktUBCmqmKycHOMCp1tJoV0E

tzyWnQKUPoP71aNbk1oU8f1Eg4NmFlL6UVXYQZDnIZaKJ7O2vGj3bQThWiehxC7y

wAgZuwz30iJw1I2tGmgf4i9p9lv0DQ3g6HFIadWJYgHYPRlXNAm6HO2N0WWVIYel

3ZJAKT0PaQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB

BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7V365a/fm6

+hcVuVlGyiSb4g7DMB8GA1UdIwQYMBaAFO/yGGdgmXzM94RUS8znMA8lM4WIMA0G

CSqGSIb3DQEBCwUAA4IBAQDEqAVIptH/HoE6y2YzlWhd+lmt6FVkYhJadSGpxI0N

AgGS3MS8IWrQ1xjM+nkT9FvliZFesN5FGALEOlgmBzuFsRiGKNl9gGDUdNx079Qo

AUkdf25ONxqbhx5Vy9okz46Vh2AdnswDKYZAuGXkR+KlAUt9z7ApDAphRPNwCvbQ

teV/KsJTQy35y9IEazYeQ9+8SiszDTo8puoaCuYESR9okEga2pkMHbUSPJ6rtk5H

Mj/elP/UObP8iFp4K6gwW4kAYIJvuIpQiFyv2Tm9CIKsT+wme10aQ3UR7DHvWfF1

gi9N6yywrAVAjlzdTRZ6/zRAkjxrcl3CVtqdYNb3MidC

-----END CERTIFICATE-----

[root@mcwk8s03 ~]# cfssl certinfo -cert k8s/k8s-cert/admin.pem

{

  "subject": {

    "common_name": "admin",

    "country": "CN",

    "organization": "system:masters",

    "organizational_unit": "System",

    "locality": "BeiJing",

    "province": "BeiJing",

    "names": [

      "CN",

      "BeiJing",

      "BeiJing",

      "system:masters",

      "System",

      "admin"

    ]

  },

  "issuer": {

    "common_name": "kubernetes",

    "country": "CN",

    "organization": "k8s",

    "organizational_unit": "System",

    "locality": "Beijing",

    "province": "Beijing",

    "names": [

      "CN",

      "Beijing",

      "Beijing",

      "k8s",

      "System",

      "kubernetes"

    ]

  },

  "serial_number": "169845758887256605723302231706311763439890928044",

  "not_before": "2022-10-30T14:35:00Z",

  "not_after": "2032-10-27T14:35:00Z",

  "sigalg": "SHA256WithRSA",

  "authority_key_id": "EF:F2:18:67:60:99:7C:CC:F7:84:54:4B:CC:E7:30:F:25:33:85:88",

  "subject_key_id": "EE:D5:DF:AE:5A:FD:F9:BA:FA:17:15:B9:59:46:CA:24:9B:E2:E:C3",

  "pem": "-----BEGIN CERTIFICATE-----\nMIID3TCCAsWgAwIBAgIUHcAlsTUuMsxXSUMfH6vwkkrPEawwDQYJKoZIhvcNAQEL\nBQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl\naWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr\ndWJlcm5ldGVzMB4XDTIyMTAzMDE0MzUwMFoXDTMyMTAyNzE0MzUwMFowazELMAkG\nA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAV\nBgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT\nBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZPiaixPbzol\nIY2bHtP7sPcjUXJSbNanKN4qhJQGibkxZ5pwQwP3PcY1Q79Fl0LjKeQ+YvwzwWaT\nMswKB7QR/PRjOOvaUygmF8qwbvijMUApvu6z3REfOPIJeu0vMmGFb5iiRwbZclcL\nFf4riyrtbs25gfo3JsF3vh5t5+4IG1fvlVf0T06dOktUBCmqmKycHOMCp1tJoV0E\ntzyWnQKUPoP71aNbk1oU8f1Eg4NmFlL6UVXYQZDnIZaKJ7O2vGj3bQThWiehxC7y\nwAgZuwz30iJw1I2tGmgf4i9p9lv0DQ3g6HFIadWJYgHYPRlXNAm6HO2N0WWVIYel\n3ZJAKT0PaQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\nBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7V365a/fm6\n+hcVuVlGyiSb4g7DMB8GA1UdIwQYMBaAFO/yGGdgmXzM94RUS8znMA8lM4WIMA0G\nCSqGSIb3DQEBCwUAA4IBAQDEqAVIptH/HoE6y2YzlWhd+lmt6FVkYhJadSGpxI0N\nAgGS3MS8IWrQ1xjM+nkT9FvliZFesN5FGALEOlgmBzuFsRiGKNl9gGDUdNx079Qo\nAUkdf25ONxqbhx5Vy9okz46Vh2AdnswDKYZAuGXkR+KlAUt9z7ApDAphRPNwCvbQ\nteV/KsJTQy35y9IEazYeQ9+8SiszDTo8puoaCuYESR9okEga2pkMHbUSPJ6rtk5H\nMj/elP/UObP8iFp4K6gwW4kAYIJvuIpQiFyv2Tm9CIKsT+wme10aQ3UR7DHvWfF1\ngi9N6yywrAVAjlzdTRZ6/zRAkjxrcl3CVtqdYNb3MidC\n-----END CERTIFICATE-----\n"

}

[root@mcwk8s03 ~]#

[root@mcwk8s03 ~]# cfssl certinfo -cert k8s/k8s-cert/admin.csr
{"code":1003,"message":"Failed to parse certificate"}
[root@mcwk8s03 ~]#

 

疑问:其它工具生成的证书,是否也可以用这个工具来查询到信息呢,应该是可以的吧,它跟什么生成的没关系,应该跟文件格式有关系吧。

也可以用下面命令

[root@mcwk8s03 ~]# cfssl-certinfo -cert=k8s/k8s-cert/admin.pem

{

  "subject": {

    "common_name": "admin",

    "country": "CN",

    "organization": "system:masters",

    "organizational_unit": "System",

    "locality": "BeiJing",

    "province": "BeiJing",

    "names": [

      "CN",

      "BeiJing",

      "BeiJing",

      "system:masters",

      "System",

      "admin"

    ]

  },

  "issuer": {

    "common_name": "kubernetes",

    "country": "CN",

    "organization": "k8s",

    "organizational_unit": "System",

    "locality": "Beijing",

    "province": "Beijing",

    "names": [

      "CN",

      "Beijing",

      "Beijing",

      "k8s",

      "System",

      "kubernetes"

    ]

  },

  "serial_number": "169845758887256605723302231706311763439890928044",

  "not_before": "2022-10-30T14:35:00Z",

  "not_after": "2032-10-27T14:35:00Z",

  "sigalg": "SHA256WithRSA",

  "authority_key_id": "EF:F2:18:67:60:99:7C:CC:F7:84:54:4B:CC:E7:30:F:25:33:85:88",

  "subject_key_id": "EE:D5:DF:AE:5A:FD:F9:BA:FA:17:15:B9:59:46:CA:24:9B:E2:E:C3",

  "pem": "-----BEGIN CERTIFICATE-----\nMIID3TCCAsWgAwIBAgIUHcAlsTUuMsxXSUMfH6vwkkrPEawwDQYJKoZIhvcNAQEL\nBQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl\naWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr\ndWJlcm5ldGVzMB4XDTIyMTAzMDE0MzUwMFoXDTMyMTAyNzE0MzUwMFowazELMAkG\nA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAV\nBgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT\nBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZPiaixPbzol\nIY2bHtP7sPcjUXJSbNanKN4qhJQGibkxZ5pwQwP3PcY1Q79Fl0LjKeQ+YvwzwWaT\nMswKB7QR/PRjOOvaUygmF8qwbvijMUApvu6z3REfOPIJeu0vMmGFb5iiRwbZclcL\nFf4riyrtbs25gfo3JsF3vh5t5+4IG1fvlVf0T06dOktUBCmqmKycHOMCp1tJoV0E\ntzyWnQKUPoP71aNbk1oU8f1Eg4NmFlL6UVXYQZDnIZaKJ7O2vGj3bQThWiehxC7y\nwAgZuwz30iJw1I2tGmgf4i9p9lv0DQ3g6HFIadWJYgHYPRlXNAm6HO2N0WWVIYel\n3ZJAKT0PaQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\nBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7V365a/fm6\n+hcVuVlGyiSb4g7DMB8GA1UdIwQYMBaAFO/yGGdgmXzM94RUS8znMA8lM4WIMA0G\nCSqGSIb3DQEBCwUAA4IBAQDEqAVIptH/HoE6y2YzlWhd+lmt6FVkYhJadSGpxI0N\nAgGS3MS8IWrQ1xjM+nkT9FvliZFesN5FGALEOlgmBzuFsRiGKNl9gGDUdNx079Qo\nAUkdf25ONxqbhx5Vy9okz46Vh2AdnswDKYZAuGXkR+KlAUt9z7ApDAphRPNwCvbQ\nteV/KsJTQy35y9IEazYeQ9+8SiszDTo8puoaCuYESR9okEga2pkMHbUSPJ6rtk5H\nMj/elP/UObP8iFp4K6gwW4kAYIJvuIpQiFyv2Tm9CIKsT+wme10aQ3UR7DHvWfF1\ngi9N6yywrAVAjlzdTRZ6/zRAkjxrcl3CVtqdYNb3MidC\n-----END CERTIFICATE-----\n"

}

[root@mcwk8s03 ~]#

k8s证书相关的更多相关文章

  1. 那些证书相关的玩意儿(SSL,X.509,PEM,DER,CRT,CER,KEY,CSR,P12等)

    之前没接触过证书加密的话,对证书相关的这些概念真是感觉挺棘手的,因为一下子来了一大堆新名词,看起来像是另一个领域的东西,而不是我们所熟悉的编程领域的那些东西,起码我个人感觉如此,且很长时间都没怎么搞懂 ...

  2. 那些证书相关的玩意儿(SSL,X.509,PEM,DER,CRT,CER,KEY,CSR,P12等)[zz]

    openssl dgst –sign privatekey.pem –sha1 –keyform PEM –c c:\server.pem 将文件用sha1摘要,并用privatekey.pem中的私 ...

  3. 苹果开发证书相关BLOG与Delphi IOS环境安装(超详细)

    注:有好的资源,请添加了上传,上传后,通知管理员,删除旧文件,累积相关的学习资源,方便新手学习 一.相关论坛http://www.2ccc.com/ delphi 合子 www.2pascal.com ...

  4. 网站https证书SSL证书相关

    网站https证书SSL证书相关 二级域名可以申请证书来使用,主域名申请的单域名证书,二级域名不在https加密保护内,通配符证书可以保护主域名下所有的二级子域名,二级域名等于和主域名使用的同一张证书 ...

  5. AFNetworking源码解析-https证书相关

    本篇说说安全相关的AFSecurityPolicy模块,AFSecurityPolicy用于验证HTTPS请求的证书,先来看看HTTPS的原理和证书相关的几个问题. HTTPS HTTPS连接建立过程 ...

  6. 那些证书相关的玩意儿(SSL,X.509,PEM,DER,CRT,CER,KEY,CSR,P12等)(使用OpenSSL的命令行)

    之前没接触过证书加密的话,对证书相关的这些概念真是感觉挺棘手的,因为一下子来了一大堆新名词,看起来像是另一个领域的东西,而不是我们所熟悉的编程领域的那些东西,起码我个人感觉如此,且很长时间都没怎么搞懂 ...

  7. k8s 证书反解

    k8s证书反解 1.将k8s配置文件(kubelet.kubeconfig)中client-certificate-data:内容拷贝 2.echo "client-certificate- ...

  8. kubespray续签k8s证书

    查看证书过期时期 [root@node1 ~]# openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not ...

  9. x509证书相关内容

    什么是证书 X.509证书,其核心是根据RFC 5280编码或数字签名的数字文档.    实际上,术语X.509证书通常指的是IETF的PKIX证书和X.509 v3证书标准的CRL 文件,即如RFC ...

  10. Kubernetes证书相关(CFSSL)

    CFSSL是CloudFlare开源的一款PKI/TLS工具. CFSSL 包含一个命令行工具 和一个用于 签名,验证并且捆绑TLS证书的 HTTP API 服务. 使用Go语言编写. Github ...

随机推荐

  1. 如何通过OpenHarmony的音频模块实现录音变速功能?

    简介 OpenAtom OpenHarmony(以下简称"OpenHarmony")是由开放原子开源基金会孵化及运营的开源项目,是面向全场景.全连接.全智能时代的智能物联网操作系统 ...

  2. C语言 03 VSCode开发

    安装好 C 语言的开发环境后,就需要创建项目进行开发了. 使用 IDE(集成开发环境)进行开发了. C 语言的开发工具很多,现在主流的有 Clion.Visual Studio.VSCode. 这里以 ...

  3. 插入排序的基本实现【数据结构与算法—TypeScript 实现】

    笔记整理自 coderwhy 『TypeScript 高阶数据结构与算法』课程 概念 本质:将数列分为已排序和未排序,将未排序中的元素插入到已排序中的合适位置 特性 复杂度分析 时间复杂度: 最好情况 ...

  4. OpenStack实战安装部署

    OpenStack安装部署 一.基础准备工作 部署环境:CentOS 7 64 1.关闭本地iptables防火墙并设置开机不自启动 <span style="color:#33333 ...

  5. Pytorch-tensor的激活函数

    1.激活函数 激活函数的作用是能够给神经网络加入一些非线性因素,使得神经网络可以更好地解决较为复杂的问题.因为很多问题都不是线性的,你只有给它加入一些非线性因素,就能够让问题更好的解决. 函数1:RE ...

  6. 简单介绍 Vue 3.0 项目创建

    一.前期转杯 确保电脑上已安装 node.js. 可通过命令 npm --version进行查询,如果展示了版本号,则说明已安装,若提示 npm 不是有内部或外部命令,也不是可运行的程序,则说明未安装 ...

  7. 简单的使用Echars制作柱状图

    简单的使用Echars制作柱状图 html如下 <!DOCTYPE html> <html lang="en"> <head> <meta ...

  8. 安装以及破解Navicat

    1.下载Navicat软件安装包 链接:https://pan.baidu.com/s/1RltCPjg1mmpOjC7vxAjQ4g 提取码:v4k8 2.下载好文件打开是这样的,先运行 " ...

  9. 力扣54(java)-螺旋矩阵(中等)

    题目: 给你一个 m 行 n 列的矩阵 matrix ,请按照 顺时针螺旋顺序 ,返回矩阵中的所有元素. 示例 1: 提示: m == matrix.lengthn == matrix[i].leng ...

  10. 深度|为什么一定要从DevOps走向BizDevOps?

    简介: 为更好地厘清波涛汹涌的数字化转型浪潮下软件产业所面对的机遇与挑战,6月29日,阿里云云效与阿里云开发者评测局栏目,联合特邀了InfoQ极客帮副总裁付晓岩.南京大学软件工程学院教授张贺.Thou ...