starlingx/docs
Code Issues Proposed changes
833451bd9f
docs/doc/source/security/kubernetes/create-certificates-locally-using-openssl.rst
Juanita-Balaraj 35021e03fe Updated CN to "CN=registry.local" (r6, dsr6, r7, dsr7) 
Closes-Bug:1997489

Signed-off-by: Juanita-Balaraj <juanita.balaraj@windriver.com>
Change-Id: Ia119e8d8cf8db3a277b04cf3620f68129707f4dd
2022-11-22 21:11:29 +00:00

1.8 KiB
Raw Blame History

Create Certificates Locally using openssl

You can use openssl to locally create certificates suitable for use in a lab environment.

  1. Create a Root Certificate and Key

    1. Create the Root CA private key.

      $ openssl genrsa -out my-root-ca-key.pem 2048

    2. Generate the Root CA x509 certificate.

      $ openssl req -x509 -new -nodes -key my-root-ca-key.pem \
-days 1024 -out my-root-ca-cert.pem -outform PEM
  2. Create and Sign a Server Certificate and Key.

    1. Create the Server private key.

      $ openssl genrsa -out my-server-key.pem 2048

    2. Create the Server certificate signing request (csr).

      Specify "CN=registry.local" and do not specify a challenge password.

      $ openssl req -new -key my-server-key.pem -out my-server.csr

    3. Create the list.

      $ echo subjectAltName = IP:<WRCP-OAM-Floating-IP>,IP:<WRCP-MGMT-Floating-IP>,DNS:registry.local,DNS:registry.central > extfile.cnf

    4. Use the my-root-ca to sign the server certificate.

      $ openssl x509 -req -in my-server.csr -CA my-root-ca-cert.pem \
-CAkey my-root-ca-key.pem -CAcreateserial -out my-server-cert.pem \
-days 365 -extfile extfile.cnf

    5. Put the server certificate and key into a single file.

      $ cat my-server-cert.pem my-server-key.pem > my-server.pem