Last active September 1, 2023 10:37
Create self-signed certificate (rootCA.crt, rootCA.key, server.key, server.csr, server.crt)
```bash
# https://www.shellhacks.com/create-csr-openssl-without-prompt-non-interactive/

# Create a CA to sign the server certificate (server.crt); the server certificate is created in the next steps.
# -nodes writes ca.key unencrypted, so restrict access to that file.
# -days matches the server certificate's 365-day lifetime; once ca.crt expires, server.crt no longer verifies.
# generated_files: ca.crt ca.key
openssl req -x509 -sha256 \
  -nodes \
  -newkey rsa:2048 \
  -keyout ca.key \
  -out ca.crt \
  -subj "/C=BR/ST=Santa Catarina/L=Florianopolis/O=Certificate Authority/OU=Root" \
  -days 365

# Create a private server key (server.key) and a Certificate Signing Request (server.csr) to use
# when signing the server certificate (server.crt) in the next step.
# generated_files: server.key server.csr
openssl req \
  -nodes \
  -newkey rsa:2048 \
  -keyout server.key \
  -out server.csr \
  -subj "/C=BR/ST=Santa Catarina/L=Florianopolis/O=Admission Webhook/OU=Kubernetes"

# Generate the server certificate (server.crt) using ca.crt, ca.key and server.csr.
# x509 -req does not copy extensions from the CSR, so the subjectAltName is supplied through -extfile.
# <( ... ) is bash process substitution; run this with bash, not plain sh.
# generated_files: server.crt ca.srl
openssl x509 -req \
  -extfile <(printf "subjectAltName=DNS:warden.validation.svc") \
  -in server.csr \
  -CA ca.crt \
  -CAkey ca.key \
  -CAcreateserial \
  -out server.crt \
  -days 365

# Usage example, Kubernetes validating-admission-webhook:
# https://github.com/RafaelClaumann/some-kubernetes-study/tree/main/validating-admission-webhook
```
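A check worth running on the generated files before deploying them, as an added example that is not part of the original gist: it confirms that server.crt chains to ca.crt, that the service DNS name is in the subjectAltName, that server.key belongs to server.crt, and that neither certificate is about to expire. The function names, the temporary file layout and the sample subjects are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the gist. Function names are hypothetical.

# Constructed sample input: throwaway CA + server cert in DIR with one SAN.
make_sample_chain() {
    dir=$1 san=$2
    printf 'subjectAltName=DNS:%s\n' "$san" > "$dir/san.ext"
    openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 365 \
        -subj "/O=Sample CA" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -nodes -newkey rsa:2048 -subj "/O=Sample Server" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/server.csr" -extfile "$dir/san.ext" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null
}

# Usage: check_webhook_cert CA_CERT SERVER_CERT SERVER_KEY DNS_NAME
# Returns 0 only if all checks pass; reports the first failure on stderr.
check_webhook_cert() {
    ca=$1 crt=$2 key=$3 name=$4

    # 1. Chain and hostname: the certificate must be signed by the CA and
    #    must match DNS_NAME (a missing or wrong SAN fails here).
    openssl verify -CAfile "$ca" -verify_hostname "$name" "$crt" >/dev/null 2>&1 \
        || { echo "FAIL: chain or SAN check for $name" >&2; return 1; }

    # 2. Key pairing: the public key in the certificate must equal the
    #    public half of the private key the server will load.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "FAIL: $key is not the private key for $crt" >&2; return 1; }

    # 3. Expiry: neither the CA nor the server certificate may expire
    #    within the next 24 hours.
    for f in "$ca" "$crt"; do
        openssl x509 -in "$f" -noout -checkend 86400 >/dev/null \
            || { echo "FAIL: $f expires within 24 hours" >&2; return 1; }
    done
    echo "OK: $crt chains to $ca and is valid for $name"
}

# Run directly: sh check.sh ca.crt server.crt server.key warden.validation.svc
if [ "$#" -eq 4 ]; then check_webhook_cert "$@"; fi
```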