下面介紹cfssl的工具使用
安裝
mkdir -p /opt/local/cfssl
cd /opt/local/cfssl
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
mv cfssl_linux-amd64 cfssl
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
mv cfssljson_linux-amd64 cfssljson
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
mv cfssl-certinfo_linux-amd64 cfssl-certinfo
chmod +x *
[root@master-47-35 cfssl]# ls -l
總用量 18808
-rwxr-xr-x 1 root root 10376657 3月 30 2016 cfssl
-rwxr-xr-x 1 root root 6595195 3月 30 2016 cfssl-certinfo
-rwxr-xr-x 1 root root 2277873 3月 30 2016 cfssljson
[root@master-47-35 cfssl]# cp * /usr/bin/
驗證證書
[root@master-47-35 cfssl]# cfssl-certinfo -cert /opt/ssl/admin.pem
{
"subject": {
"common_name": "admin",
"country": "CN",
"organization": "system:masters",
"organizational_unit": "System",
"locality": "Beijing",
"province": "Beijing",
"names": [
"CN",
"Beijing",
"Beijing",
"system:masters",
"System",
"admin"
]
},
"issuer": {
"common_name": "kubernetes",
"country": "CN",
"organization": "k8s",
"organizational_unit": "System",
"locality": "Beijing",
"province": "Beijing",
"names": [
"CN",
"Beijing",
"Beijing",
"k8s",
"System",
"kubernetes"
]
},
"serial_number": "276953247810011331158732908402253612536509217156",
"not_before": "2018-08-23T11:13:00Z",
"not_after": "2028-08-20T11:13:00Z",
"sigalg": "SHA256WithRSA",
"authority_key_id": "76:19:31:2:84:7F:C1:33:37:20:2:BD:EB:96:C2:89:D6:73:C:D0",
"subject_key_id": "D8:F8:64:28:CE:BE:17:BE:26:94:16:6C:7F:4C:F0:19:BE:B3:99:CE",
"pem": "-----BEGIN CERTIFICATE-----\nMIID3TCCAsWgAwIBAgIUMIMDXZs78oEj5vvwlLnpruO/uYQwDQYJKoZIhvcNAQEL\nBQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl\naWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr\ndWJlcm5ldGVzMB4XDTE4MDgyMzExMTMwMFoXDTI4MDgyMDExMTMwMFowazELMAkG\nA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0JlaWppbmcxFzAV\nBgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT\nBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6UfwajvNyPEm\nzFFpg+ipLVzQ2SjueS4RvXGULV5Yx9pqJ0u+Op/IsFFrJBMJWx1f4HPIxx1fvH2m\nM+bYE+151zBZ4siI5+bpsDzORkUJoHQCWAWTFbQ9orqTv1v1log5DcTwhWUgNnTL\nuX7jxXSOUGhQEZ22HMMBuymheomP2gxIcKEDkLtibrdbNLwjl9IN8YqQO45hp3s6\nHeuV39C3PJU4qh5bzR2E7Cy3s5svBJCMDOqIGwnKSP5ZR5DJ7MrOoC4/mFbm0Tyx\nAs5zQG35BQmb3uVH1RxctNNT95fUoApoXi8wZdk+uZB/YKfxW5TLOWyv/HOVq4AN\nznEymygUjwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\nBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNj4ZCjOvhe+\nJpQWbH9M8Bm+s5nOMB8GA1UdIwQYMBaAFHYZMQKEf8EzNyACveuWwonWcwzQMA0G\nCSqGSIb3DQEBCwUAA4IBAQAUdC/J308/VcICufXzBM2ETvcxwtMGZexlVW1UFBtZ\nsGD+/Et+TIMUkwgeARIiD7CxRhm7OtA21KYHHJnOQlsB5msEStw5h9AIfhXWMGHS\nDRMG1dkLk5/dz8luMSHyqcCfjOn1AVQzQueYK3ETSUbWoHzfXABj/uG7KzC7JuDZ\ng4bC8zkoqOHyCr3ZW8BarrXrZcOPIeHA33NbPQha1QtsUWouvKXOI7+VNzzzpCIa\nVkIUx0zoiPM9CAy/usOBen7PM5B4+CQQiiFQa488f71VkAo0zstV/6zAi1lildYz\nUuaEIJCSWKKao4YFdcCeg+QUfraHn69tyStekCmB0GbO\n-----END CERTIFICATE-----\n"
}
[root@master-47-35 cfssl]# cfssl certinfo -cert /opt/ssl/admin.pem
{
"subject": {
"common_name": "admin",
"country": "CN",
"organization": "system:masters",
"organizational_unit": "System",
"locality": "Beijing",
"province": "Beijing",
"names": [
"CN",
"Beijing",
"Beijing",
"system:masters",
"System",
"admin"
]
},
"issuer": {
"common_name": "kubernetes",
"country": "CN",
"organization": "k8s",
"organizational_unit": "System",
"locality": "Beijing",
"province": "Beijing",
"names": [
"CN",
"Beijing",
"Beijing",
"k8s",
"System",
"kubernetes"
]
},
"serial_number": "276953247810011331158732908402253612536509217156",
"not_before": "2018-08-23T11:13:00Z",
"not_after": "2028-08-20T11:13:00Z",
"sigalg": "SHA256WithRSA",
"authority_key_id": "76:19:31:2:84:7F:C1:33:37:20:2:BD:EB:96:C2:89:D6:73:C:D0",
"subject_key_id": "D8:F8:64:28:CE:BE:17:BE:26:94:16:6C:7F:4C:F0:19:BE:B3:99:CE",
"pem": "-----BEGIN CERTIFICATE-----\nMIID3TCCAsWgAwIBAgIUMIMDXZs78oEj5vvwlLnpruO/uYQwDQYJKoZIhvcNAQEL\nBQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl\naWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr\ndWJlcm5ldGVzMB4XDTE4MDgyMzExMTMwMFoXDTI4MDgyMDExMTMwMFowazELMAkG\nA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0JlaWppbmcxFzAV\nBgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT\nBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6UfwajvNyPEm\nzFFpg+ipLVzQ2SjueS4RvXGULV5Yx9pqJ0u+Op/IsFFrJBMJWx1f4HPIxx1fvH2m\nM+bYE+151zBZ4siI5+bpsDzORkUJoHQCWAWTFbQ9orqTv1v1log5DcTwhWUgNnTL\nuX7jxXSOUGhQEZ22HMMBuymheomP2gxIcKEDkLtibrdbNLwjl9IN8YqQO45hp3s6\nHeuV39C3PJU4qh5bzR2E7Cy3s5svBJCMDOqIGwnKSP5ZR5DJ7MrOoC4/mFbm0Tyx\nAs5zQG35BQmb3uVH1RxctNNT95fUoApoXi8wZdk+uZB/YKfxW5TLOWyv/HOVq4AN\nznEymygUjwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\nBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNj4ZCjOvhe+\nJpQWbH9M8Bm+s5nOMB8GA1UdIwQYMBaAFHYZMQKEf8EzNyACveuWwonWcwzQMA0G\nCSqGSIb3DQEBCwUAA4IBAQAUdC/J308/VcICufXzBM2ETvcxwtMGZexlVW1UFBtZ\nsGD+/Et+TIMUkwgeARIiD7CxRhm7OtA21KYHHJnOQlsB5msEStw5h9AIfhXWMGHS\nDRMG1dkLk5/dz8luMSHyqcCfjOn1AVQzQueYK3ETSUbWoHzfXABj/uG7KzC7JuDZ\ng4bC8zkoqOHyCr3ZW8BarrXrZcOPIeHA33NbPQha1QtsUWouvKXOI7+VNzzzpCIa\nVkIUx0zoiPM9CAy/usOBen7PM5B4+CQQiiFQa488f71VkAo0zstV/6zAi1lildYz\nUuaEIJCSWKKao4YFdcCeg+QUfraHn69tyStekCmB0GbO\n-----END CERTIFICATE-----\n"
}
openssl安裝請自行百度
openssl
[root@master-47-35 cfssl]# openssl x509 -in /opt/ssl/admin.pem -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
30:83:03:5d:9b:3b:f2:81:23:e6:fb:f0:94:b9:e9:ae:e3:bf:b9:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, ST=Beijing, L=Beijing, O=k8s, OU=System, CN=kubernetes
Validity
Not Before: Aug 23 11:13:00 2018 GMT
Not After : Aug 20 11:13:00 2028 GMT
Subject: C=CN, ST=Beijing, L=Beijing, O=system:masters, OU=System, CN=admin
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e9:47:f0:6a:3b:cd:c8:f1:26:cc:51:69:83:e8:
a9:2d:5c:d0:d9:28:ee:79:2e:11:bd:71:94:2d:5e:
58:c7:da:6a:27:4b:be:3a:9f:c8:b0:51:6b:24:13:
09:5b:1d:5f:e0:73:c8:c7:1d:5f:bc:7d:a6:33:e6:
d8:13:ed:79:d7:30:59:e2:c8:88:e7:e6:e9:b0:3c:
ce:46:45:09:a0:74:02:58:05:93:15:b4:3d:a2:ba:
93:bf:5b:f5:96:88:39:0d:c4:f0:85:65:20:36:74:
cb:b9:7e:e3:c5:74:8e:50:68:50:11:9d:b6:1c:c3:
01:bb:29:a1:7a:89:8f:da:0c:48:70:a1:03:90:bb:
62:6e:b7:5b:34:bc:23:97:d2:0d:f1:8a:90:3b:8e:
61:a7:7b:3a:1d:eb:95:df:d0:b7:3c:95:38:aa:1e:
5b:cd:1d:84:ec:2c:b7:b3:9b:2f:04:90:8c:0c:ea:
88:1b:09:ca:48:fe:59:47:90:c9:ec:ca:ce:a0:2e:
3f:98:56:e6:d1:3c:b1:02:ce:73:40:6d:f9:05:09:
9b:de:e5:47:d5:1c:5c:b4:d3:53:f7:97:d4:a0:0a:
68:5e:2f:30:65:d9:3e:b9:90:7f:60:a7:f1:5b:94:
cb:39:6c:af:fc:73:95:ab:80:0d:ce:71:32:9b:28:
14:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D8:F8:64:28:CE:BE:17:BE:26:94:16:6C:7F:4C:F0:19:BE:B3:99:CE
X509v3 Authority Key Identifier:
keyid:76:19:31:02:84:7F:C1:33:37:20:02:BD:EB:96:C2:89:D6:73:0C:D0
Signature Algorithm: sha256WithRSAEncryption
14:74:2f:c9:df:4f:3f:55:c2:02:b9:f5:f3:04:cd:84:4e:f7:
31:c2:d3:06:65:ec:65:55:6d:54:14:1b:59:b0:60:fe:fc:4b:
7e:4c:83:14:93:08:1e:01:12:22:0f:b0:b1:46:19:bb:3a:d0:
36:d4:a6:07:1c:99:ce:42:5b:01:e6:6b:04:4a:dc:39:87:d0:
08:7e:15:d6:30:61:d2:0d:13:06:d5:d9:0b:93:9f:dd:cf:c9:
6e:31:21:f2:a9:c0:9f:8c:e9:f5:01:54:33:42:e7:98:2b:71:
13:49:46:d6:a0:7c:df:5c:00:63:fe:e1:bb:2b:30:bb:26:e0:
d9:83:86:c2:f3:39:28:a8:e1:f2:0a:bd:d9:5b:c0:5a:ae:b5:
eb:65:c3:8f:21:e1:c0:df:73:5b:3d:08:5a:d5:0b:6c:51:6a:
2e:bc:a5:ce:23:bf:95:37:3c:f3:a4:22:1a:56:42:14:c7:4c:
e8:88:f3:3d:08:0c:bf:ba:c3:81:7a:7e:cf:33:90:78:f8:24:
10:8a:21:50:6b:8f:3c:7f:bd:55:90:0a:34:ce:cb:55:ff:ac:
c0:8b:59:62:95:d6:33:52:e6:84:20:90:92:58:a2:9a:a3:86:
05:75:c0:9e:83:e4:14:7e:b6:87:9f:af:6d:c9:2b:5e:90:29:
81:d0:66:ce
end