cfssl
cfssl copied to clipboard
cloudflare
[help] A question about the value of the subject.names.* field of pem certificates
Hello, everyone
mkdir -p /download/ssl
cat > /download/ssl/ca-config.json <<EOF { "signing": { "default": { "expiry": "876000h" }, "profiles": { "kubernetes": { "expiry": "876000h", "usages": [ "signing","key encipherment", "server auth", "client auth" ] } } } } EOF
cat > /download/ssl/feiji_dev-group_csr.json <<EOF { "CN": "feiji", "key": { "algo": "rsa", "size": 2048 }, "hosts": [], "name": [ { "C": "CN", "ST": "Jiangsu", "L": "Nanjing", "O": "dev-group", "OU": "IT" } ] } EOF
#Generating a certificate cfssl gencert -ca=/etc/kubernetes/pki/ca.crt -ca-key=/etc/kubernetes/pki/ca.key -config=/download/ssl/ca-config.json -profile=kubernetes /download/ssl/feiji_dev-group_csr.json | cfssljson -bare feiji_dev-group
#Viewing certificate information root@k8s-master-01:/download/ssl# cfssl-certinfo -cert /download/ssl/feiji_dev-group.pem { "subject": { "common_name": "feiji", "names": [ "feiji" ] }, "issuer": { "common_name": "kubernetes", "names": [ "kubernetes" ] }, "serial_number": "223711557935640467154917044379599514617937919738", "not_before": "2024-12-27T08:41:00Z", "not_after": "2124-12-03T08:41:00Z", "sigalg": "SHA256WithRSA", "authority_key_id": "35:DB:29:91:1C:85:21:0B:D3:D3:05:B4:DC:62:B7:ED:7C:D6:B0:93", "subject_key_id": "AA:EE:BE:36:64:F6:26:98:C1:1D:42:14:D0:E8:35:84:B5:A8:CB:A0", "pem": "-----BEGIN CERTIFICATE-----\nMIIDODCCAiCgAwIBAgIUJy+SvWrg/l/Dsd1sKo3UcXlj/vowDQYJKoZIhvcNAQEL\nBQAwFTETMBEGA1UEAxMKa3ViZXJuZXRlczAgFw0yNDEyMjcwODQxMDBaGA8yMTI0\nMTIwMzA4NDEwMFowFDESMBAGA1UEAxMJd2FuZ3hpYW5nMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAwFXwKC6vp+tNETI9alWYKEVwqFQiTFKXbRVDcUGz\nTlIvALM2TaepBxoXlIYcopM5T6QoY1aOdq+37uEbdKKQbrtqSAqaKtVAYQdMvzzZ\nGJSqwdSzGw1GVJtTWkUgYiQpjAxg1MkWtRzf01+oHjXVZjUX0T8+MLs5r5EXkSJ4\nwrcH6TwbpSdZMdUCcTGz6nX5oNeeirCboHbGPnSHF7o2ohOQRLhpTIB1uzoqLsrf\nL2Nqj4qFegNP14zyOrvBTwWf+9Hon9I5kM+h9r9NZ7azlhCi39fA3xBaJeVwysSd\nTYZvOzzzuvi0Q2cJE1F6bv5AvhY82tJYbMdJCL+8xJm6xwIDAQABo38wfTAOBgNV\nHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud\nEwEB/wQCMAAwHQYDVR0OBBYEFKruvjZk9iaYwR1CFNDoNYS1qMugMB8GA1UdIwQY\nMBaAFDXbKZEchSEL09MFtNxit+181rCTMA0GCSqGSIb3DQEBCwUAA4IBAQC8ybte\n6aqQJdY+ftihxl/lxG418eeg6lQzXKjQULoki8CawdbE/Ssxsh7REknlkCEjGT66\nRhwUT2MtKrimtQ+ygVQyTMNN+fAAqUOUTx0r6OdU1M2zcXe7N75YRaDifuVjKcP/\nHGQgstGH6u0qi8JI3LbOBZr3tYMGvFGqk89AjH3tQMO/NObiz4drmqFTqMWTCpLi\nDFoLzWkYvunqAdX60eXYMVEM8Z+t3L1ecUJEMOemaFJB+R2LQJkgQ1RUCFhiTcph\nnx6p6Fg1GXZZtOtapBAJFM/Rh3RxPEhf7k82POJs636ppPyggBfpJefXkH8GFkyd\ndtlD/2Jf25zYEKTg\n-----END CERTIFICATE-----\n" }
The generated feiji_dev-group.pem certificate does not see the value of the O field or any of the following fields
"C": "CN", "ST": "Jiangsu", "L": "Nanjing", "O": "dev-group", "OU": "IT"
