1、cfssl 字签证书
查看证书
可以使用以下命令查询CFSSL证书是否过期:
复制代码| cfssl certinfo -cert <certificate_file> |
其中,<certificate_file>为证书文件路径。执行该命令后,会输出证书的相关信息,包括有效期等信息。可以根据输出结果判断证书是否过期。
[root@mcwk8s03 ~]# ls k8s/
apiserver.sh controller-manager.sh etcd-cert etcd-v3.3.10-linux-amd64 k8s-cert kubeconfig scheduler.sh
cfssl.sh dashboard etcd.sh etcd-v3.3.10-linux-amd64.tar.gz k8sPkg master.zip
[root@mcwk8s03 ~]# ls k8s/k8s-cert/
admin.csr admin-key.pem ca-config.json ca-csr.json ca.pem kube-proxy.csr kube-proxy-key.pem server.csr server-key.pem
admin-csr.json admin.pem ca.csr ca-key.pem k8s-cert.sh kube-proxy-csr.json kube-proxy.pem server-csr.json server.pem
[root@mcwk8s03 ~]# ls k8s/k8s-cert/admin.pem
k8s/k8s-cert/admin.pem
[root@mcwk8s03 ~]# cat k8s/k8s-cert/admin.pem
-----BEGIN CERTIFICATE-----
MIID3TCCAsWgAwIBAgIUHcAlsTUuMsxXSUMfH6vwkkrPEawwDQYJKoZIhvcNAQEL
BQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl
aWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr
dWJlcm5ldGVzMB4XDTIyMTAzMDE0MzUwMFoXDTMyMTAyNzE0MzUwMFowazELMAkG
A1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAV
BgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT
BWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZPiaixPbzol
IY2bHtP7sPcjUXJSbNanKN4qhJQGibkxZ5pwQwP3PcY1Q79Fl0LjKeQ+YvwzwWaT
MswKB7QR/PRjOOvaUygmF8qwbvijMUApvu6z3REfOPIJeu0vMmGFb5iiRwbZclcL
Ff4riyrtbs25gfo3JsF3vh5t5+4IG1fvlVf0T06dOktUBCmqmKycHOMCp1tJoV0E
tzyWnQKUPoP71aNbk1oU8f1Eg4NmFlL6UVXYQZDnIZaKJ7O2vGj3bQThWiehxC7y
wAgZuwz30iJw1I2tGmgf4i9p9lv0DQ3g6HFIadWJYgHYPRlXNAm6HO2N0WWVIYel
3ZJAKT0PaQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7V365a/fm6
+hcVuVlGyiSb4g7DMB8GA1UdIwQYMBaAFO/yGGdgmXzM94RUS8znMA8lM4WIMA0G
CSqGSIb3DQEBCwUAA4IBAQDEqAVIptH/HoE6y2YzlWhd+lmt6FVkYhJadSGpxI0N
AgGS3MS8IWrQ1xjM+nkT9FvliZFesN5FGALEOlgmBzuFsRiGKNl9gGDUdNx079Qo
AUkdf25ONxqbhx5Vy9okz46Vh2AdnswDKYZAuGXkR+KlAUt9z7ApDAphRPNwCvbQ
teV/KsJTQy35y9IEazYeQ9+8SiszDTo8puoaCuYESR9okEga2pkMHbUSPJ6rtk5H
Mj/elP/UObP8iFp4K6gwW4kAYIJvuIpQiFyv2Tm9CIKsT+wme10aQ3UR7DHvWfF1
gi9N6yywrAVAjlzdTRZ6/zRAkjxrcl3CVtqdYNb3MidC
-----END CERTIFICATE-----
[root@mcwk8s03 ~]# cfssl certinfo -cert k8s/k8s-cert/admin.pem
{
"subject": {
"common_name": "admin",
"country": "CN",
"organization": "system:masters",
"organizational_unit": "System",
"locality": "BeiJing",
"province": "BeiJing",
"names": [
"CN",
"BeiJing",
"BeiJing",
"system:masters",
"System",
"admin"
]
},
"issuer": {
"common_name": "kubernetes",
"country": "CN",
"organization": "k8s",
"organizational_unit": "System",
"locality": "Beijing",
"province": "Beijing",
"names": [
"CN",
"Beijing",
"Beijing",
"k8s",
"System",
"kubernetes"
]
},
"serial_number": "169845758887256605723302231706311763439890928044",
"not_before": "2022-10-30T14:35:00Z",
"not_after": "2032-10-27T14:35:00Z",
"sigalg": "SHA256WithRSA",
"authority_key_id": "EF:F2:18:67:60:99:7C:CC:F7:84:54:4B:CC:E7:30:F:25:33:85:88",
"subject_key_id": "EE:D5:DF:AE:5A:FD:F9:BA:FA:17:15:B9:59:46:CA:24:9B:E2:E:C3",
"pem": "-----BEGIN CERTIFICATE-----\nMIID3TCCAsWgAwIBAgIUHcAlsTUuMsxXSUMfH6vwkkrPEawwDQYJKoZIhvcNAQEL\nBQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl\naWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr\ndWJlcm5ldGVzMB4XDTIyMTAzMDE0MzUwMFoXDTMyMTAyNzE0MzUwMFowazELMAkG\nA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxFzAV\nBgNVBAoTDnN5c3RlbTptYXN0ZXJzMQ8wDQYDVQQLEwZTeXN0ZW0xDjAMBgNVBAMT\nBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZPiaixPbzol\nIY2bHtP7sPcjUXJSbNanKN4qhJQGibkxZ5pwQwP3PcY1Q79Fl0LjKeQ+YvwzwWaT\nMswKB7QR/PRjOOvaUygmF8qwbvijMUApvu6z3REfOPIJeu0vMmGFb5iiRwbZclcL\nFf4riyrtbs25gfo3JsF3vh5t5+4IG1fvlVf0T06dOktUBCmqmKycHOMCp1tJoV0E\ntzyWnQKUPoP71aNbk1oU8f1Eg4NmFlL6UVXYQZDnIZaKJ7O2vGj3bQThWiehxC7y\nwAgZuwz30iJw1I2tGmgf4i9p9lv0DQ3g6HFIadWJYgHYPRlXNAm6HO2N0WWVIYel\n3ZJAKT0PaQIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\nBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7V365a/fm6\n+hcVuVlGyiSb4g7DMB8GA1UdIwQYMBaAFO/yGGdgmXzM94RUS8znMA8lM4WIMA0G\nCSqGSIb3DQEBCwUAA4IBAQDEqAVIptH/HoE6y2YzlWhd+lmt6FVkYhJadSGpxI0N\nAgGS3MS8IWrQ1xjM+nkT9FvliZFesN5FGALEOlgmBzuFsRiGKNl9gGDUdNx079Qo\nAUkdf25ONxqbhx5Vy9okz46Vh2AdnswDKYZAuGXkR+KlAUt9z7ApDAphRPNwCvbQ\nteV/KsJTQy35y9IEazYeQ9+8SiszDTo8puoaCuYESR9okEga2pkMHbUSPJ6rtk5H\nMj/elP/UObP8iFp4K6gwW4kAYIJvuIpQiFyv2Tm9CIKsT+wme10aQ3UR7DHvWfF1\ngi9N6yywrAVAjlzdTRZ6/zRAkjxrcl3CVtqdYNb3MidC\n-----END CERTIFICATE-----\n"
}
[root@mcwk8s03 ~]#
疑问:其它工具生成的证书,是否也可以用这个工具来查询到信息呢,应该是可以的吧,它跟什么生成的没关系,应该跟文件格式有关系吧。
标签:证书,admin,pem,cert,-----,相关,k8s,csr From: https://www.cnblogs.com/machangwei-8/p/17897282.html