Check the value of an SSL cert loaded in NGINX on a Kubernetes cluster

11/2/2017

I want to know if it is possible to view the content of a certificate that is currently loaded by NGINX.

The use case is in Kubernetes where a secret was changed with a new .key and .crt and I don't know if the pods have undergone a restart since the secret was changed.

I know it's possible to view the currently installed secret on the Kubernetes cluster with

    kubectl get secret <secret> -o yaml

I confirmed the config file loaded by nginx by checking the process

    ps aux

I also know that I can view the contents of the nginx.conf and see that it refers to the mount point where the certificate is located

    ssl_certificate         /etc/vol/sslcert.crt;
    ssl_certificate_key     /etc/vol/sslcert.key;

But since the name of the .crt and .key never changed in the secret (only the values), I can't tell from that alone which certificate is currently loaded.

Is there any way to confirm the actual content that is being held in memory?

-- ARL
kubernetes
nginx
ssl-certificate

2 Answers

11/5/2017

With kubectl proxy, you can open the UI on localhost. In the Secrets tab, when you click on the secret corresponding to your cert, you can view the actual certificate installed in the pod (click on the eye icon).

-- ksholla20
Source: StackOverflow

11/2/2017

My advice would be to access the server and get the certificate that it returns. This answer uses openssl and should work for your case: https://serverfault.com/a/661982/380575

-- Javier Salmeron
Source: StackOverflow
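The comparison the question asks for, as an added example that is not part of the original question or answers: it fingerprints the certificate nginx presents on the wire (the one it holds in memory) and the certificate stored in the secret, and reports whether they match. The function names are hypothetical, the secret's data key is assumed to be the mounted file name (`sslcert.crt`), and GNU `base64` and `sha256sum` are assumed to be available.

```shell
#!/bin/sh
# Added example: is nginx still serving the old certificate after the secret changed?

# SHA-256 of the DER bytes of the first certificate in a PEM stream on stdin
# (the digest `openssl x509 -noout -fingerprint -sha256` reports, in lowercase
# and without colons).
pem_sha256() {
  body=$(awk '/-----BEGIN CERTIFICATE-----/ {on = 1; next}
              /-----END CERTIFICATE-----/   {exit}
              on {print}')
  [ -n "$body" ] || return 1          # no certificate found: fail, do not hash ""
  printf '%s\n' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Certificate stored in the secret. $1 = secret name, $2 = data key (assumed).
secret_cert() {
  kubectl get secret "$1" -o go-template="{{index .data \"$2\"}}" | base64 -d
}

# Certificate nginx presents on the wire, i.e. the one it holds in memory.
# $1 = host:port of one pod, $2 = server name to send as SNI.
served_cert() {
  openssl s_client -connect "$1" -servername "$2" </dev/null 2>/dev/null
}

# MATCH only when both fingerprints are present and equal.
verdict() {
  if [ -n "$1" ] && [ "$1" = "$2" ]; then echo MATCH; else echo MISMATCH; fi
}

if [ "$#" -eq 4 ]; then
  want=$(secret_cert "$1" "$2" | pem_sha256)
  have=$(served_cert "$3" "$4" | pem_sha256)
  echo "secret: $want"; echo "served: $have"; verdict "$want" "$have"
else
  # Constructed sample (PEM framing around placeholder bytes, not a real cert).
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQx' \
    '-----END CERTIFICATE-----' | pem_sha256
fi
```

Pass four arguments: the secret name, the data key, the `host:port` of a single pod, and the server name. Reach one pod at a time (for example through `kubectl port-forward`), because a Service may answer from any replica and replicas can hold different certificates until each has reloaded.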