
Removed rst substitution from tables and inline markups. Updated table and restructured sections in the overview. Fixed issues, reworded paragraphs, changed titles. Deleted unnecessary sections, added a new item to section and fixed editorial issues. Fixed editorial and formatting issues. Fixed more editorial and formatting issues. Fixed formatting and editorial issues. Added command line. Fixed command line.

Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
Change-Id: I69874db16c76d5aceac706f2b8033771780500ca

.. _utility-script-to-display-certificates:

------------------------------------------
Display Certificates Installed on a System
------------------------------------------

The utility script **show-certs.sh** can be used to display an overview of the
various certificates that exist in the system along with their expiry date.

The :command:`show-certs.sh` command has the following options:

**sudo show-certs.sh [-k] [-e <number-of-days>] [-h]**

By default, the :command:`show-certs.sh` command displays the platform-managed
system certificates and highlights in red both the certificates that require
manual renewal and the certificates that expire within 90 days.

Options:

-k
    Displays certificates found in any Kubernetes Secrets; this may include
    platform certificates and end users' certificates.

-e <number-of-days>
    Highlights (in red) certificates within <number-of-days> of expiry,
    instead of the default 90 days.

-h
    Displays help.

For example:

.. code-block:: none

    ~(keystone_admin)]$ sudo show-certs.sh

    registry.local CERTIFICATE:
    -----------------------------------------------------
    Renewal        : Manual
    Filename       : /etc/ssl/private/registry-cert.crt
    Subject        : /CN=registry.local
    Issuer         : /CN=registry.local
    Issue Date     : Aug 31 01:43:09 2021 GMT
    Expiry Date    : Aug 31 01:43:09 2022 GMT
    Residual Time  : 341d
    -----------------------------------------------------

For scalability in a Distributed cloud system, the Subcloud ICA certificates
are redirected to a file. The script displays the path to the file with a note
at the end of the displayed output.

.. code-block:: none

    Subcloud ICA certificates (*-adminep-ca-certificate) are saved to
    /tmp/subcloud-icas-tls-secrets.HqZSBQoUUJ.txt in order to limit the
    size of the output.

For example:

.. code-block:: none

    ~(keystone_admin)]$ cat /tmp/subcloud-icas-tls-secrets.HqZSBQoUUJ.txt

    Renewal                              Namespace  Secret                              Residual Time
    ---------------------------------------------------------------------------------------
    Automatic [Managed by Cert-Manager]  dc-cert    subcloud1-adminep-ca-certificate    364d
    Automatic [Managed by Cert-Manager]  dc-cert    subcloud10-adminep-ca-certificate   364d
    Automatic [Managed by Cert-Manager]  dc-cert    subcloud100-adminep-ca-certificate  364d
    ---------------------------------------------------------------------------------------
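The red highlighting in the default report (manual renewal, or expiry within a threshold) can also be applied to saved output, for example from a scheduled job. The following is an added example, not part of ``show-certs.sh`` or of this documentation; it assumes the block layout and the ``<N>d`` residual format of the first sample output above, and the names ``flag_certs``, ``sample_report``, ``example-auto`` and ``example-ok`` and the plain ``Automatic`` renewal value are hypothetical.

```shell
#!/bin/sh
# Added example (not part of show-certs.sh). Assumes one "<name> CERTIFICATE:"
# header per block and a residual time written as "<N>d", as in the sample
# output on this page.

# flag_certs <days>: read a report on stdin; print, tab-separated,
# "<name> <renewal> <residual> <reasons>" for each certificate that is manually
# renewed, within <days> of expiry, or whose residual time cannot be parsed.
flag_certs() {
  awk -v limit="$1" '
    BEGIN { OFS = "\t" }
    function emit(   why) {
      if (name == "") return
      if (days == "") why = "unparsed-residual"
      else if (days + 0 <= limit + 0) why = "expiring"
      if (renewal ~ /^Manual/) why = (why == "" ? "" : why ",") "manual-renewal"
      if (why != "") print name, renewal, (days == "" ? "?" : days "d"), why
      name = ""; renewal = ""; days = ""
    }
    { gsub(/\033\[[0-9;]*m/, "") }   # strip colour codes (the red highlight)
    / CERTIFICATE:[ \t]*$/ {
      emit(); name = $0
      sub(/^[ \t]+/, "", name); sub(/ CERTIFICATE:.*$/, "", name); next
    }
    /^[ \t]*Renewal[ \t]*:/ { renewal = $0; sub(/^[^:]*:[ \t]*/, "", renewal); next }
    /^[ \t]*Residual Time[ \t]*:/ {
      v = $0; sub(/^[^:]*:[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
      if (v ~ /^[0-9]+d$/) days = substr(v, 1, length(v) - 1)
    }
    END { emit() }
  '
}

# Constructed sample report: only registry.local appears on the page; the
# other names and values are made up for the demonstration.
sample_report() {
  cat <<'EOF'
registry.local CERTIFICATE:
Renewal        : Manual
Residual Time  : 341d
example-auto CERTIFICATE:
Renewal        : Automatic
Residual Time  : 30d
example-ok CERTIFICATE:
Renewal        : Automatic
Residual Time  : 200d
EOF
}
sample_report | flag_certs 90
```

A certificate whose residual time is missing or not in ``<N>d`` form is listed as ``unparsed-residual`` rather than silently skipped.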