openssl的命令太多了,非常不容易记住,在此记下常用的:
#生成私钥
(umask 077; openssl genrsa -out dashboard.key 2048)
#根据私钥生成证书签名请求
openssl req -new -key dashboard.key -out dashboard.csr -subj "/O=dashboard/CN=dashboard"
#用CA签署证书(根据csr生成证书)
openssl x509 -req -in dashboard.csr -CA ca.crt -CAkey ca.key -out dashboard.crt -days 3650
#查看证书信息
openssl x509 -in apiserver-kubelet-client.crt -text -noout