-->
  • Recent Articles

    How to create self signed certificate for Kubernetes Ingress controller

     

    How to create self signed certificate for Kubernetes Ingress controller

    Create CA key

    openssl genrsa -out ca.key 4096

    Create CA certificate

    openssl req -x509 -new -nodes -key ca.key -subj "/CN=*.example.com" -days 730 -out ca.crt

    Create Certificate Key

    openssl genrsa -out server.key 4096

    Create a CSR file

    Create a csr file with following content in "csr.conf"
    vi csr.conf

    [ req ]
    default_bits = 4096
    prompt = no
    default_md = sha256
    req_extensions = req_ext
    distinguished_name = dn

    [ dn ]
    C = US
    ST = New York
    L = New York City
    O = example
    OU = IT
    CN = *.example.com

    [ req_ext ]
    subjectAltName = @alt_names

    [ alt_names ]
    DNS.1 = kubernetes
    DNS.2 = kubernetes.default
    DNS.3 = kubernetes.default.svc
    DNS.4 = kubernetes.default.svc.cluster
    DNS.5 = kubernetes.default.svc.cluster.local
    DNS.6 = dev.example.com


    [ v3_ext ]
    authorityKeyIdentifier=keyid,issuer:always
    basicConstraints=CA:FALSE
    keyUsage=keyEncipherment,dataEncipherment
    extendedKeyUsage=serverAuth,clientAuth
    subjectAltName=@alt_names

    openssl req -new -key server.key -out server.csr -config csr.conf

    Create a Certificate

    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 730 -extensions v3_ext -extfile csr.conf

    Test the Certificate

    openssl x509  -noout -text -in ./server.crt

    No comments