Creating certificates with cfssl
cat ca-config.json
{
  "signing": {
    "default": {
      "expiry": "168h"
    },
    "profiles": {
      "etcd": {
        "expiry": "8760h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth"
        ]
      },
      "client": {
        "expiry": "8760h",
        "usages": [
          "signing",
          "key encipherment",
          "client auth"
        ]
      },
      "peer": {
        "expiry": "8760h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
With the configuration file in place, run the following command:
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
cat server-csr.json
{
  "CN": "ETCD-SERVER",
  "hosts": [
    "172.17.0.2",
    "172.17.0.3",
    "172.17.0.4"
  ],
  "key": {
    "algo": "ecdsa",
    "size": 256
  },
  "names": [
    {
      "C": "CN",
      "L": "JS",
      "ST": "SUZHOU"
    }
  ]
}
Run the following to generate the server certificate:
cfssl gencert -ca ca.pem -ca-key ca-key.pem -config ca-config.json -profile etcd \
server-csr.json | cfssljson -bare server
Below I have attached a few certificates that I have already prepared:
https://github.com/xiaodong84/cfssl
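
Before signing, it helps to lint the two JSON files used above. The following is an added example, not part of the original post or of cfssl: it checks each signing profile's usages and expiry and confirms that the CSR file parses and is paired with a profile that grants "server auth". The function names, the inline sample inputs and the MAX_HOURS ceiling are assumptions made for illustration.

```python
import json

# Constructed inputs mirroring the page's ca-config.json and server CSR.
CA_CONFIG = """{"signing": {"default": {"expiry": "168h"}, "profiles": {
  "etcd":   {"expiry": "8760h", "usages": ["signing", "key encipherment", "server auth"]},
  "client": {"expiry": "8760h", "usages": ["signing", "key encipherment", "client auth"]},
  "peer":   {"expiry": "8760h", "usages": ["signing", "key encipherment", "server auth", "client auth"]}}}}"""
GOOD_CSR = '{"CN": "ETCD-SERVER", "hosts": ["172.17.0.2", "172.17.0.3", "172.17.0.4"]}'
BAD_CSR = '{"CN": "ETCD-SERVER", "hosts": ["172.17.0.2", "172.17.0.3", "172.17.0.4",]}'

MAX_HOURS = 8760  # assumed policy ceiling (one year, the longest expiry on the page)


def profile_findings(config_text):
    """Return {profile: [findings]} for each signing profile in a cfssl config."""
    report = {}
    for name, prof in json.loads(config_text)["signing"]["profiles"].items():
        usages, notes = set(prof.get("usages", [])), []
        if "any" in usages:
            notes.append("usage 'any' permits every extended key usage")
        if not usages & {"server auth", "client auth"}:
            notes.append("neither server auth nor client auth is granted")
        expiry = prof.get("expiry", "")
        if expiry.endswith("h") and expiry[:-1].isdigit():
            if int(expiry[:-1]) > MAX_HOURS:
                notes.append(f"expiry {expiry} exceeds {MAX_HOURS}h")
        else:
            notes.append(f"expiry {expiry!r} not in plain hours, review by hand")
        report[name] = notes
    return report


def csr_findings(csr_text, config_text, profile):
    """Check that a CSR file parses and that `profile` suits a server certificate."""
    try:
        csr = json.loads(csr_text)
    except json.JSONDecodeError as exc:  # e.g. a trailing comma after the last host
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    usages = json.loads(config_text)["signing"]["profiles"][profile].get("usages", [])
    notes = []
    if not csr.get("hosts"):
        notes.append("no hosts: the certificate will carry no subject alternative names")
    if "server auth" not in usages:
        notes.append(f"profile {profile!r} lacks 'server auth' for a server certificate")
    return notes


if __name__ == "__main__":
    print(profile_findings(CA_CONFIG))
    print(csr_findings(GOOD_CSR, CA_CONFIG, "etcd"))
    print(csr_findings(GOOD_CSR, CA_CONFIG, "client"))
    print(csr_findings(BAD_CSR, CA_CONFIG, "etcd"))
```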