oadm-create-server-cert man page

oadm create-server-cert -

Synopsis

oadm create-server-cert [Options]

Description

Create a key and server certificate

Create a key and server certificate valid for the specified hostnames, signed by the specified CA. These are useful for securing infrastructure components such as the router, authentication server, etc.

Example: Creating a secure router certificate.

CA=openshift.local.config/master
oadm create-server-cert --signer-cert=$CA/ca.crt \
          --signer-key=$CA/ca.key --signer-serial=$CA/ca.serial.txt \
          --hostnames='*.cloudapps.example.com' \
          --cert=cloudapps.crt --key=cloudapps.key
cat cloudapps.crt cloudapps.key $CA/ca.crt > cloudapps.router.pem

Options

--cert=""
The certificate file. Choose a name that indicates what the service is.
--hostnames=[]
Every hostname or IP you want server certs to be valid for. Comma delimited list
--key=""
The key file. Choose a name that indicates what the service is.
--overwrite=true
Overwrite existing cert files if found. If false, any existing file will be left as-is.
--signer-cert="openshift.local.config/master/ca.crt"
The certificate file.
--signer-key="openshift.local.config/master/ca.key"
The key file.
--signer-serial="openshift.local.config/master/ca.serial.txt"
The serial file that keeps track of how many certs have been signed.

Options Inherited from Parent Commands

--api-version=""
DEPRECATED: The API version to use when talking to the server

--as=""
Username to impersonate for the operation.

--certificate-authority=""
Path to a cert. file for the certificate authority.

--client-certificate=""
Path to a client certificate file for TLS.

--client-key=""
Path to a client key file for TLS.

--cluster=""
The name of the kubeconfig cluster to use

--config=""
Path to the config file to use for CLI requests.

--context=""
The name of the kubeconfig context to use

--google-json-key=""
The Google Cloud Platform Service Account JSON Key to use for authentication.

--insecure-skip-tls-verify=false
If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure.

--log-flush-frequency=0
Maximum number of seconds between log flushes

--match-server-version=false
Require server version to match client version

-n, --namespace=""
If present, the namespace scope for this CLI request.

--server=""
The address and port of the Kubernetes API server

--token=""
Bearer token for authentication to the API server.

--user=""
The name of the kubeconfig user to use

See Also

oadm(1),

History

June 2016, Ported from the Kubernetes man-doc generator

Referenced By

oadm(1).

Openshift CLI User Manuals Openshift June 2016