starlingx/docs
Code Issues Proposed changes
810927b055
docs/doc/source/security/kubernetes/utility-script-to-display-certificates.rst

79 lines
2.4 KiB
ReStructuredText
Raw Normal View History

Added new topic with Utility script added to display certificates installed on a system updated Patchset 5 comments Updated Patchset 4 comments Updated Patchset 1 comments Story: https://storyboard.openstack.org/#!/story/2009190 Task: 43396 Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com> Change-Id: I82bcb12060cfa0c0d4ed26b352d4d5391f66aa91 Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com>
2021-09-23 12:52:15 -04:00
.. _utility-script-to-display-certificates:
------------------------------------------
Display Certificates Installed on a System
------------------------------------------
The utility script **show-certs.sh** can be used to display an overview of the
various certificates that exist in the system along with their expiry date.
The :command:`show-certs.sh` command has the following options:
**sudo show-certs.sh [-k] [-e <number-of-days>] [-h]**
where:
By default, :command:`show-certs.sh` command displays the platform-managed
system certificates, and (highlighted in red) certificates requiring manual
renewal, and certificates expiring within 90 days.
options:
-k displays certificates found in any Kubernetes SECRETS;
this may include platform certificates and end-users' certificates
-e <number-of-days> changes to highlight (in red) certificates within
<number-of-days> of expiry
-h displays help
For example:
.. code-block:: none
~(keystone_admin)]$ sudo show-certs.sh
registry.local CERTIFICATE:
-----------------------------------------------------
Renewal : Manual
Filename : /etc/ssl/private/registry-cert.crt
Subject : /CN=registry.local
Issuer : /CN=registry.local
Issue Date : Aug 31 01:43:09 2021 GMT
Expiry Date : Aug 31 01:43:09 2022 GMT
Residual Time : 341d
-----------------------------------------------------
For scalability in a Distributed cloud system, the Subcloud ICA certificates
are redirected to a file. The script displays the path to the file with a note
Updates on Certificate Management (pick) Removed rst substitution from tables and inline markups. Updated table and reestructured sections in the overview. Fixed issues, reworded paragraphs, changed titles. Deleted unnecessary sections, added a new item to section and fixed editorial issues. Fixed editorial and formatting issues. Fixed more editorial and formatting issues. Fixed formatting and editorial issues. Added command line. Fixed command line. Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com> Change-Id: I69874db16c76d5aceac706f2b8033771780500ca
2021-10-21 16:20:15 -03:00
at the end of the displayed output.
Added new topic with Utility script added to display certificates installed on a system updated Patchset 5 comments Updated Patchset 4 comments Updated Patchset 1 comments Story: https://storyboard.openstack.org/#!/story/2009190 Task: 43396 Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com> Change-Id: I82bcb12060cfa0c0d4ed26b352d4d5391f66aa91 Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com>
2021-09-23 12:52:15 -04:00
.. code-block:: none
Subcloud ICA certificates (*-adminep-ca-certificate) are saved to
/tmp/subcloud-icas-tls-secrets.HqZSBQoUUJ.txt in order to limit the
size of the output.
For example,
.. code-block:: none
~(keystone_admin)]$ cat /tmp/subcloud-icas-tls-secrets.HqZSBQoUUJ.txt
Renewal Namespace Secret Residual Time
---------------------------------------------------------------------------------------
Automatic [Managed by Cert-Manager] dc-cert subcloud1-adminep-ca-certificate 364d
Automatic [Managed by Cert-Manager] dc-cert subcloud10-adminep-ca-certificate 364d
Automatic [Managed by Cert-Manager] dc-cert subcloud100-adminep-ca-certificate 364d
---------------------------------------------------------------------------------------
Copy Permalink