├── .gitignore ├── 1-generate-root-ca ├── ca-config.json └── ca-csr.json ├── 2-generate-server-cert └── apiserver-csr.json ├── 3-generate-client-cert └── admin-csr.json └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | *.pem 2 | *.csr 3 | -------------------------------------------------------------------------------- /1-generate-root-ca/ca-config.json: -------------------------------------------------------------------------------- 1 | { 2 | "signing": { 3 | "default": { 4 | "expiry": "8760h" 5 | }, 6 | "profiles": { 7 | "server": { 8 | "usages": [ 9 | "signing", 10 | "key encipherment", 11 | "server auth" 12 | ], 13 | "expiry": "8760h" 14 | }, 15 | "client": { 16 | "usages": [ 17 | "signing", 18 | "key encipherment", 19 | "client auth" 20 | ], 21 | "expiry": "8760h" 22 | } 23 | } 24 | } 25 | } -------------------------------------------------------------------------------- /1-generate-root-ca/ca-csr.json: -------------------------------------------------------------------------------- 1 | { 2 | "CN": "Kubernetes CA", 3 | "key": { 4 | "algo": "rsa", 5 | "size": 2048 6 | }, 7 | "names": [ 8 | { 9 | "C": "US", 10 | "L": "Portland", 11 | "O": "Kubernetes", 12 | "OU": "CA", 13 | "ST": "Oregon" 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /2-generate-server-cert/apiserver-csr.json: -------------------------------------------------------------------------------- 1 | { 2 | "CN": "*.c.PROJECT_ID.internal", 3 | "hosts": [ 4 | "127.0.0.1", 5 | "EXTERNAL_IP", 6 | "*.c.PROJECT_ID.internal" 7 | ], 8 | "key": { 9 | "algo": "rsa", 10 | "size": 2048 11 | }, 12 | "names": [ 13 | { 14 | "C": "US", 15 | "L": "Portland", 16 | "O": "Kubernetes", 17 | "OU": "API Server", 18 | "ST": "Oregon" 19 | } 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /3-generate-client-cert/admin-csr.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "CN": "admin", 3 | "hosts": [ 4 | "" 5 | ], 6 | "key": { 7 | "algo": "rsa", 8 | "size": 2048 9 | }, 10 | "names": [ 11 | { 12 | "C": "US", 13 | "L": "Portland", 14 | "O": "Kubernetes", 15 | "OU": "Cluster Admins", 16 | "ST": "Oregon" 17 | } 18 | ] 19 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Please see the [Wiki](https://github.com/jason-riddle/generating-certs/wiki). 2 | 3 | Also, this repo is unmaintained and won't receive further updates. But check out https://github.com/jason-riddle/ssl-tls-examples for more security goodness. 4 | --------------------------------------------------------------------------------