自己頒發(fā)證書
這里已經(jīng)在上面的文章里提到過,使用了 cfssl 和 openssl 來作為證書生產(chǎn)工具.
在第9層,我給dashboard 生產(chǎn)了自定義證書,并實現(xiàn)了如下效果:
image.png
注意這里的綠色: 連接是安全的灯谣,主要是我們加入了信任的根機構(gòu)證書。
在window上蛔琅,pem 無法直接導(dǎo)入胎许,所以我有使用了openssl 把pem轉(zhuǎn)換成了cer 證書。
注: crt 也是直接可以在windows 安裝的。
怎么做的辜窑?
這里權(quán)當(dāng)做學(xué)習(xí)吧钩述!
[root@k8s-node1 etcd]# ls
ca.cer ca.csr ca-key.pem etcd etcdctl install k8s-local.csr k8s-local-key.pem kubernetes.csr kubernetes.pem ssl
ca-config.json ca-csr.json ca.pem etcd-2.etcd etcd.yaml k8s-csr.json k8s-local.json k8s-local.pem kubernetes-key.pem nohup.out
[root@k8s-node1 etcd]# openssl x509 -in ca.pem -text -out ca.cer
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
19:22:46:76:5a:d1:1c:3c:c9:55:07:64:80:37:b0:66:08:5d:c0:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, ST=shenzhen, L=shenzhen, O=k8s, OU=System, CN=kubernetes
Validity
Not Before: Nov 2 07:50:00 2019 GMT
Not After : Oct 31 07:50:00 2024 GMT
Subject: C=CN, ST=shenzhen, L=shenzhen, O=k8s, OU=System, CN=kubernetes
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bf:d5:e2:17:10:54:6d:c9:85:fd:1f:14:75:01:
30:51:82:49:87:65:33:04:b0:8c:8c:cf:23:98:5d:
64:45:f9:01:bf:78:a3:46:9a:72:3f:79:d1:2f:be:
db:1d:8c:e4:a0:c0:68:9f:e9:0f:29:31:da:13:f6:
34:90:f6:3a:c3:4f:d8:b4:82:19:f1:e7:91:df:34:
27:c0:4f:bd:14:58:b0:f7:c9:95:7c:bd:9a:43:43:
f4:92:ec:c5:e5:aa:31:62:48:60:43:b1:87:9b:20:
29:12:8a:96:9b:33:f1:fd:cf:e2:b4:ae:c7:2e:4d:
f2:f6:9a:74:5b:07:4e:94:68:ce:a1:b4:be:2b:85:
39:6d:8e:c3:98:9e:b1:d7:d9:7c:0d:b0:cd:d6:08:
cf:b6:f9:a7:1a:3b:91:19:58:a1:9e:c4:e3:07:89:
0a:49:88:29:45:ad:f6:3d:e6:8f:8a:e5:82:a2:89:
f2:36:96:85:24:6b:57:f1:03:fa:f7:fe:16:2c:4e:
7c:e4:43:50:0e:b5:0a:de:2b:42:82:4f:5d:92:6c:
6b:69:f0:d6:23:e6:05:75:5d:8b:c3:34:dc:8d:4e:
c2:05:7d:4e:6b:4e:f7:90:1b:eb:df:cf:3b:4c:63:
f9:30:08:de:32:9c:d2:49:d1:22:3d:bf:53:f5:4d:
2a:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:2
X509v3 Subject Key Identifier:
0B:89:F2:49:E2:C3:A5:31:A0:39:A2:B6:97:80:0A:6C:B8:CD:3A:2B
X509v3 Authority Key Identifier:
keyid:0B:89:F2:49:E2:C3:A5:31:A0:39:A2:B6:97:80:0A:6C:B8:CD:3A:2B
Signature Algorithm: sha256WithRSAEncryption
33:aa:87:d0:ab:b2:29:36:7d:b1:18:05:46:8e:f4:a8:53:f2:
09:df:21:14:82:bb:cc:fc:97:35:8e:5a:90:04:eb:62:10:cd:
30:43:96:84:4b:d5:97:99:54:00:54:44:d7:a4:8f:38:11:25:
6f:dc:e8:9e:b0:d4:59:00:a1:53:af:26:e9:c7:71:d5:35:13:
b6:60:61:77:ae:ae:d2:e4:89:08:c5:d5:ee:35:2a:ee:93:cb:
56:fa:ab:88:be:0a:b1:5b:c1:0f:13:77:5d:d9:f7:7d:f8:b6:
23:7d:29:52:44:6e:31:04:06:77:16:d6:aa:f9:70:35:ca:a4:
95:ee:52:74:d6:0b:d8:c8:96:7a:7c:83:ef:df:a2:15:0b:4e:
45:d9:81:85:a2:5c:ed:d8:28:88:19:0c:e6:3f:db:16:75:da:
db:7e:8f:00:7e:ad:7a:2d:06:be:15:fb:40:1c:57:5b:e0:6c:
29:9d:50:a4:11:7f:ca:fd:f2:6c:3d:47:50:41:f7:05:75:bb:
6b:ca:f2:72:ed:33:8e:37:33:7b:6e:38:2a:2b:b7:a2:58:ce:
b8:b6:2a:13:fe:60:c5:08:0b:51:b8:03:4f:14:82:34:7a:b3:
25:05:16:d3:e7:9d:e9:ff:58:da:1a:56:38:ae:bf:d4:e4:12:
21:bb:b8:a0
此時,我們生成了證書根機構(gòu)的 ca.cert 證書:
image.png
雙擊穆碎,一步一步在最后把這個證書加入到本計算機的信任根證書列表即可切距。
我們的根機構(gòu)證書:
image.png
證書方面的知識
簽發(fā)
image.png
瀏覽器CA認(rèn)證
image.png
