consul 证书

发布时间 2023-12-25 13:28:16作者: qgbo

上面的 consul cluster 启动时会生成 CA 的证书和私钥:consul-ca-cert 里是 CA 的证书,也就是根证书;consul-ca-key 里是 CA 的私钥。

# k get secrets consul-ca-cert -oyaml
apiVersion: v1
data:
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRVENDQXVpZ0F3SUJBZ0lVWm54b0hPNzNwSTY0NlRCMGhKQy9YR1dVTUt3d0NnWUlLb1pJemowRUF3SXcKZ1pFeEN6QUpCZ05WQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1agphWE5qYnpFYU1CZ0dBMVVFQ1JNUk1UQXhJRk5sWTI5dVpDQlRkSEpsWlhReERqQU1CZ05WQkJFVEJUazBNVEExCk1SY3dGUVlEVlFRS0V3NUlZWE5vYVVOdmNuQWdTVzVqTGpFWU1CWUdBMVVFQXhNUFEyOXVjM1ZzSUVGblpXNTAKSUVOQk1CNFhEVEl6TVRJeU5UQXpNVEV5T1ZvWERUTXpNVEl5TWpBek1USXlPVm93Z1pFeEN6QUpCZ05WQkFZVApBbFZUTVFzd0NRWURWUVFJRXdKRFFURVdNQlFHQTFVRUJ4TU5VMkZ1SUVaeVlXNWphWE5qYnpFYU1CZ0dBMVVFCkNSTVJNVEF4SUZObFkyOXVaQ0JUZEhKbFpYUXhEakFNQmdOVkJCRVRCVGswTVRBMU1SY3dGUVlEVlFRS0V3NUkKWVhOb2FVTnZjbkFnU1c1akxqRVlNQllHQTFVRUF4TVBRMjl1YzNWc0lFRm5aVzUwSUVOQk1Ga3dFd1lIS29aSQp6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVJaUZ5MmYwb1dKWUIweGhZSjZGU2tReVZ0RXhJdHhzbjVHV1pReXA4Cm55ZVFEUUpvb1ZMQWllV21Vd0xKQW1JVXB2WW1HamhqRzREVStMWVc1d1hNcXFPQ0FSb3dnZ0VXTUE0R0ExVWQKRHdFQi93UUVBd0lCaGpBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdEd1lEVlIwVApBUUgvQkFVd0F3RUIvekJvQmdOVkhRNEVZUVJmWlRZNlkyTTZNakU2WmpZNlpHVTZZekk2WTJFNk5EYzZOelk2Ck5UUTZaamM2TVRVNk16ZzZaVFk2WldFNk4ySTZOVGM2T0RrNk0yWTZNR1E2TnpjNk1qazZObVk2T1RjNk5HUTYKTXpJNlltTTZORGM2WmpFNk1EZzZNV0k2WVRZd2FnWURWUjBqQkdNd1lZQmZaVFk2WTJNNk1qRTZaalk2WkdVNgpZekk2WTJFNk5EYzZOelk2TlRRNlpqYzZNVFU2TXpnNlpUWTZaV0U2TjJJNk5UYzZPRGs2TTJZNk1HUTZOemM2Ck1qazZObVk2T1RjNk5HUTZNekk2WW1NNk5EYzZaakU2TURnNk1XSTZZVFl3Q2dZSUtvWkl6ajBFQXdJRFJ3QXcKUkFJZ2FTYUNuUkF2K2xMdDlFMnNwbUVhcURueVJWbXNvYnZQTU1uNHQxTWREOE1DSUhqdTk3OEErdmJ1YnlFVQpzMlJEUDBvRE1UQnNEOEJKeTdWTXhJaGkrZjJ0Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
kind: Secret

# k get secrets consul-ca-key -oyaml
apiVersion: v1
data:
tls.key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUkrRlFYVk55anJPaWZzYlBuYzJJdXYyTDlLYkdkNVc5TjY4TExGTWh1Z3FvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFSWlGeTJmMG9XSllCMHhoWUo2RlNrUXlWdEV4SXR4c241R1daUXlwOG55ZVFEUUpvb1ZMQQppZVdtVXdMSkFtSVVwdlltR2poakc0RFUrTFlXNXdYTXFnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=

 

# k get secrets consul-server-cert -oyaml
apiVersion: v1
data:
tls.crt: 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
tls.key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVAxcDJEeGtoVStIU1hUNWlzWFNuNVVLeFd4QTVhUE4xRlBHK29JdXd4Z1dvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFYTlwOVhwZTlXelUzUG5jY1pGY1BENWVCYmRjRkxSbU53aGFXRzF4VnZOVjFRZ0N4RjRTawpYeks1Q0U4dGFjaXhCaHVNRlJPUXhSV2dzOHZFRVoyazlRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
kind: Secret

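上面 Secret 里的 tls.crt 和 tls.key 先做 base64 解码,得到 PEM,再解析内容(例如用 openssl x509 -noout -text 查看证书)。证书里有公钥、签发者等信息。证书可以到处传,私钥只能自己保存:consul-ca-key 里的是 CA 私钥,拿到它就能签发被整个集群信任的证书,所以要限制对这个 Secret 的读取权限,一旦泄露就要轮换 CA。下面是 consul-ca-cert 和 consul-ca-key 解码后的内容: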

-----BEGIN CERTIFICATE-----
MIIDQTCCAuigAwIBAgIUZnxoHO73pI646TB0hJC/XGWUMKwwCgYIKoZIzj0EAwIw
gZExCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5j
aXNjbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1
MRcwFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjEYMBYGA1UEAxMPQ29uc3VsIEFnZW50
IENBMB4XDTIzMTIyNTAzMTEyOVoXDTMzMTIyMjAzMTIyOVowgZExCzAJBgNVBAYT
AlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEaMBgGA1UE
CRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcwFQYDVQQKEw5I
YXNoaUNvcnAgSW5jLjEYMBYGA1UEAxMPQ29uc3VsIEFnZW50IENBMFkwEwYHKoZI
zj0CAQYIKoZIzj0DAQcDQgAEIiFy2f0oWJYB0xhYJ6FSkQyVtExItxsn5GWZQyp8
nyeQDQJooVLAieWmUwLJAmIUpvYmGjhjG4DU+LYW5wXMqqOCARowggEWMA4GA1Ud
DwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0T
AQH/BAUwAwEB/zBoBgNVHQ4EYQRfZTY6Y2M6MjE6ZjY6ZGU6YzI6Y2E6NDc6NzY6
NTQ6Zjc6MTU6Mzg6ZTY6ZWE6N2I6NTc6ODk6M2Y6MGQ6Nzc6Mjk6NmY6OTc6NGQ6
MzI6YmM6NDc6ZjE6MDg6MWI6YTYwagYDVR0jBGMwYYBfZTY6Y2M6MjE6ZjY6ZGU6
YzI6Y2E6NDc6NzY6NTQ6Zjc6MTU6Mzg6ZTY6ZWE6N2I6NTc6ODk6M2Y6MGQ6Nzc6
Mjk6NmY6OTc6NGQ6MzI6YmM6NDc6ZjE6MDg6MWI6YTYwCgYIKoZIzj0EAwIDRwAw
RAIgaSaCnRAv+lLt9E2spmEaqDnyRVmsobvPMMn4t1MdD8MCIHju978A+vbubyEU
s2RDP0oDMTBsD8BJy7VMxIhi+f2t
-----END CERTIFICATE-----

-----BEGIN EC PRIVATE KEY-----
MHcCAQEEII+FQXVNyjrOifsbPnc2Iuv2L9KbGd5W9N68LLFMhugqoAoGCCqGSM49
AwEHoUQDQgAEIiFy2f0oWJYB0xhYJ6FSkQyVtExItxsn5GWZQyp8nyeQDQJooVLA
ieWmUwLJAmIUpvYmGjhjG4DU+LYW5wXMqg==
-----END EC PRIVATE KEY-----