openssl create CA, server certificate, and client certificate

7/6/2018

I'm trying to use Helm with TLS, so I followed https://github.com/kubernetes/helm/blob/master/docs/tiller_ssl.md. I generated a certificate authority and used it to generate the client and server certificates using the commands below:

openssl genrsa -out ./ca.key.pem 4096
openssl req -key ca.key.pem -new -x509 -days 7300 -sha256 -out ca.cert.pem -subj /CN=www.domain.com -extensions v3_ca

openssl genrsa -out ./tiller.key.pem 4096 
openssl genrsa -out ./helm.key.pem 4096


openssl req -key tiller.key.pem -new -sha256 -out tiller.csr.pem  -subj /CN=www.domain.com/emailAddress=userid@domain.com
openssl req -key helm.key.pem -new -sha256 -out helm.csr.pem -subj /CN=www.domain.com/emailAddress=userid@domain.com

openssl x509 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in tiller.csr.pem -out tiller.cert.pem -days 365
openssl x509 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in helm.csr.pem -out helm.cert.pem  -days 365

I created different Tiller and Helm certificates, using a different userid in emailAddress=userid@domain.com for each, and installed both server certificates. But when I use a client certificate against a server, it is verified anyway: any client certificate works with any server certificate. How can I create a client certificate that is specific to one server, without needing to use password-protected keys?

-- yara mohamed
kubernetes-helm
openssl
ssl-certificate
tls1.2

0 Answers
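The behaviour described in the question, reproduced as an added example that is not part of the original post: certificate verification checks only that a certificate chains to the trusted CA, so subject fields such as emailAddress do not scope a client to one server, while a certificate issued under a different CA is rejected. The CA names, subject names and example.test addresses are constructed, and `make_ca`, `issue`, `trusts` and `report` are helper functions written for this example.

```shell
#!/usr/bin/env bash
# Added example (constructed names): one private CA per Tiller instance.
# 2048-bit keys keep the demo fast; the page's commands use 4096.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: self-signed CA key and certificate
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -keyout "$WORK/$1.key.pem" -out "$WORK/$1.cert.pem" \
    -subj "/CN=$1" 2>/dev/null
}

# issue CA NAME: key, CSR and certificate for NAME, signed by CA
issue() {
  openssl req -newkey rsa:2048 -nodes -sha256 \
    -keyout "$WORK/$2.key.pem" -out "$WORK/$2.csr.pem" \
    -subj "/CN=$2/emailAddress=$2@example.test" 2>/dev/null
  openssl x509 -req -sha256 -days 30 -CAcreateserial \
    -CA "$WORK/$1.cert.pem" -CAkey "$WORK/$1.key.pem" \
    -in "$WORK/$2.csr.pem" -out "$WORK/$2.cert.pem" 2>/dev/null
}

# trusts CA NAME: succeeds only if NAME's certificate chains to CA
trusts() {
  openssl verify -CAfile "$WORK/$1.cert.pem" "$WORK/$2.cert.pem" >/dev/null 2>&1
}

# report CA NAME: print the verification outcome in words
report() {
  if trusts "$1" "$2"; then echo "$2 accepted by a peer trusting $1"
  else echo "$2 rejected by a peer trusting $1"; fi
}

make_ca ca-a; make_ca ca-b
issue ca-a tiller-a      # server certificate for Tiller instance A
issue ca-a helm-alice    # two clients with different emailAddress values,
issue ca-a helm-bob      # both signed by the same CA as tiller-a
issue ca-b helm-carol    # client issued under the second CA

report ca-a helm-alice
report ca-a helm-bob
report ca-b helm-alice
report ca-a helm-carol
```

Both clients signed by ca-a pass verification against ca-a regardless of emailAddress, and each client fails against the CA that did not sign it, so giving each server its own CA is one way to restrict which client certificates it accepts without encrypting the keys.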