You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
How to set the expiry of peer certificate when using --peer-auto-tls?
If point 1 above is not possible, can you please give me cfssl command to generate my own cert just like --peer-auto-tls?
I tried https://github.com/coreos/docs/blob/master/os/generate-self-signed-certificates.md and certs come with Signature Algorithm: sha256WithRSAEncryption and it wont work because of ip mismatch.
So, basically my question here is how to use cfssl command to generate the certs just like --peer-auto-tls?
[root@cscale-82-119 tmp]# openssl x509 -in cert.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ab:3b:c4:b3:11:d0:12:bf:96:c4:54:d8:99:0f:27:a8
Signature Algorithm: ecdsa-with-SHA512
Issuer: O=etcd
Validity
Not Before: Jul 10 07:06:08 2021 GMT
Not After : Jul 10 07:06:08 2022 GMT
Subject: O=etcd
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (521 bit)
pub:
04:00:34:b2:ef:a0:6e:51:c8:f3:b2:a4:35:24:b7:
12:eb:56:fb:5b:ee:23:b1:7c:10:0b:90:00:82:ed:
86:11:90:41:eb:0f:dd:f8:1b:8b:61:b7:1c:ac:7e:
c0:78:61:e4:0a:ec:63:cc:4f:5b:d3:8d:9f:62:e7:
f1:2f:63:1a:87:95:32:01:3b:4c:65:69:15:9a:7b:
21:26:60:50:1e:6b:79:8e:bb:95:18:9e:9b:ba:f0:
2f:f5:b5:14:68:8e:9c:f2:a5:b6:b5:c3:c0:5a:79:
0b:83:ff:6c:cb:c3:05:ea:50:05:a2:6a:c9:c5:22:
63:83:d9:e5:1a:0f:6f:58:49:08:21:d0:a8
ASN1 OID: secp521r1
NIST CURVE: P-521
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name:
IP Address:0.0.0.0
Signature Algorithm: ecdsa-with-SHA512
30:81:88:02:42:01:d2:0f:11:10:db:11:34:ef:9d:af:1c:5c:
2e:a3:f1:f3:84:68:e9:84:08:12:f8:d3:30:43:23:01:04:01:
92:92:50:95:a9:b2:d0:1e:50:e4:2f:40:be:f2:90:fb:ea:b8:
75:b4:83:78:d0:c2:dd:29:e4:42:08:01:af:4a:2f:e4:9f:02:
42:01:be:b9:06:fa:ec:53:7c:e5:0e:8c:46:e4:83:fa:7e:9d:
5e:6a:d8:5f:9e:9e:ce:22:63:7e:ef:39:bd:2f:b0:96:e6:f3:
c9:64:be:48:2a:7b:99:f1:c9:f4:91:e5:7c:61:60:2f:2b:37:
dc:cc:3b:b1:19:80:0f:62:e7:24:a2:31:28
The text was updated successfully, but these errors were encountered:
This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.
2 questions:
I tried https://github.com/coreos/docs/blob/master/os/generate-self-signed-certificates.md and certs come with Signature Algorithm: sha256WithRSAEncryption and it wont work because of ip mismatch.
So, basically my question here is how to use cfssl command to generate the certs just like --peer-auto-tls?
[root@cscale-82-119 tmp]# openssl x509 -in cert.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ab:3b:c4:b3:11:d0:12:bf:96:c4:54:d8:99:0f:27:a8
Signature Algorithm: ecdsa-with-SHA512
Issuer: O=etcd
Validity
Not Before: Jul 10 07:06:08 2021 GMT
Not After : Jul 10 07:06:08 2022 GMT
Subject: O=etcd
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (521 bit)
pub:
04:00:34:b2:ef:a0:6e:51:c8:f3:b2:a4:35:24:b7:
12:eb:56:fb:5b:ee:23:b1:7c:10:0b:90:00:82:ed:
86:11:90:41:eb:0f:dd:f8:1b:8b:61:b7:1c:ac:7e:
c0:78:61:e4:0a:ec:63:cc:4f:5b:d3:8d:9f:62:e7:
f1:2f:63:1a:87:95:32:01:3b:4c:65:69:15:9a:7b:
21:26:60:50:1e:6b:79:8e:bb:95:18:9e:9b:ba:f0:
2f:f5:b5:14:68:8e:9c:f2:a5:b6:b5:c3:c0:5a:79:
0b:83:ff:6c:cb:c3:05:ea:50:05:a2:6a:c9:c5:22:
63:83:d9:e5:1a:0f:6f:58:49:08:21:d0:a8
ASN1 OID: secp521r1
NIST CURVE: P-521
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name:
IP Address:0.0.0.0
Signature Algorithm: ecdsa-with-SHA512
30:81:88:02:42:01:d2:0f:11:10:db:11:34:ef:9d:af:1c:5c:
2e:a3:f1:f3:84:68:e9:84:08:12:f8:d3:30:43:23:01:04:01:
92:92:50:95:a9:b2:d0:1e:50:e4:2f:40:be:f2:90:fb:ea:b8:
75:b4:83:78:d0:c2:dd:29:e4:42:08:01:af:4a:2f:e4:9f:02:
42:01:be:b9:06:fa:ec:53:7c:e5:0e:8c:46:e4:83:fa:7e:9d:
5e:6a:d8:5f:9e:9e:ce:22:63:7e:ef:39:bd:2f:b0:96:e6:f3:
c9:64:be:48:2a:7b:99:f1:c9:f4:91:e5:7c:61:60:2f:2b:37:
dc:cc:3b:b1:19:80:0f:62:e7:24:a2:31:28
The text was updated successfully, but these errors were encountered: