Polar Snow Documentation

花有重开日 人无再少年

ca证书验证

发表于 分类于 Disqus:

验证证书是否是某 ca 机构颁发

1
2
root@k8s-master:/var/lib/kubelet/pki# openssl verify -CAfile /etc/kubernetes/pki/ca.crt kubelet-client-current.pem
kubelet-client-current.pem: OK

kubelet-client-current.pem 证书是 /etc/kubernetes/pki/ca.crt 该 ca 机构颁发

查看证书详情

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
root@k8s-master:~/ssl/admin# openssl x509 -in /etc/kubernetes/pki/front-proxy-client.crt -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8005382448281716991 (0x6f18d4ec20fa88ff)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=kubernetes
        Validity
            Not Before: Sep 11 15:15:40 2018 GMT
            Not After : Sep 11 15:15:40 2019 GMT
        Subject: CN=front-proxy-client
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c5:b4:21:b9:ad:4e:19:25:e2:12:78:5b:e3:75:
                    3f:41:70:8d:05:f6:30:7f:72:8d:e7:cb:8b:82:de:
                    be:be:fb:5b:57:fd:4f:7d:12:b7:e3:a8:d3:05:02:
                    59:83:95:dd:14:19:c9:13:cf:96:80:1e:f0:70:39:
                    30:4c:b6:a4:5b:47:83:14:04:fd:b7:b9:6d:4b:3d:
                    a0:f1:e3:39:68:5d:b4:7d:af:3e:99:aa:43:30:d9:
                    e9:45:87:47:c2:4f:61:81:0b:d3:f7:83:bb:98:5c:
                    8e:e5:97:16:8e:23:a3:03:28:19:58:ee:3a:6b:de:
                    ad:bf:54:42:90:80:4f:8f:28:76:bc:49:8d:35:d1:
                    2e:e5:37:8a:aa:d2:be:ec:be:12:d6:b8:88:0b:85:
                    88:1b:7d:1e:23:37:25:2d:c0:ea:d6:4e:6b:5f:81:
                    93:26:6e:be:69:a1:67:e5:75:9a:85:db:a4:56:30:
                    54:13:21:c5:41:46:9a:fd:c9:41:11:13:b9:b8:77:
                    ba:74:26:85:5c:e2:78:b6:61:3b:5f:3c:bc:1a:00:
                    3a:e7:e7:2d:a7:3a:04:17:46:86:66:c3:6c:25:3a:
                    f5:b5:fa:d6:28:cc:7c:6e:08:47:2f:0e:08:f2:8a:
                    46:33:e1:00:d7:9a:ce:e8:fe:80:e9:80:c4:58:53:
                    c4:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
    Signature Algorithm: sha256WithRSAEncryption
         41:0b:22:92:b5:33:4a:57:76:2f:69:51:12:d1:64:46:4d:f9:
         72:1d:bb:32:2a:f4:c1:e4:58:ae:a3:53:be:8b:b3:da:6b:10:
         ee:4a:15:4d:ad:71:27:6b:d5:dc:ff:12:56:a8:b7:8e:fd:b3:
         ae:90:07:26:6b:e3:16:11:c7:56:79:db:04:f8:09:ca:c5:19:
         c9:0c:54:8e:84:d0:09:e2:34:ed:9b:9c:b4:e8:6a:ae:6a:d1:
         b2:b6:51:22:1c:c0:67:da:9d:1b:06:da:b7:cf:42:2a:98:38:
         d0:48:93:4d:ef:71:73:60:6c:09:19:1d:d9:4e:f1:2d:d2:d4:
         a5:e9:2c:a9:5a:b1:39:54:27:07:09:81:29:54:f8:37:20:db:
         70:8e:7d:16:23:4f:5b:21:a3:02:df:a6:a9:87:f6:a0:10:4a:
         43:73:97:4d:14:b7:4b:06:00:1c:c6:a8:45:d8:97:df:0e:1e:
         70:87:98:ee:08:1f:31:e7:cf:6d:9d:06:05:47:8f:6a:e6:10:
         c8:d7:0a:d3:7a:36:42:a5:05:ef:ba:bb:26:58:aa:ac:fc:8d:
         e4:11:45:12:ef:49:b9:fb:7a:f1:74:c7:41:d5:2f:1b:c2:15:
         7d:87:e1:28:7d:05:e5:59:dc:1d:16:0f:e5:ac:a0:07:e4:f0:
         cf:21:42:a4
相关文章