openshift-cli-adm-ca-create-server-cert man page

openshift cli adm ca create-server-cert — Create a signed server certificate and key

Synopsis

openshift cli adm ca create-server-cert [Options]

Description

Create a key and server certificate valid for the specified hostnames, signed by the specified CA. These are useful for securing infrastructure components such as the router, authentication server, etc.

Example: Creating a secure router certificate.

    # Directory holding the signing CA's certificate, key and serial file.
    CA=openshift.local.config/master
    openshift cli adm ca create-server-cert --signer-cert=$CA/ca.crt \
        --signer-key=$CA/ca.key --signer-serial=$CA/ca.serial.txt \
        --hostnames='*.cloudapps.example.com' \
        --cert=cloudapps.crt --key=cloudapps.key
    # Bundle for the router: certificate, private key, then the CA certificate.
    cat cloudapps.crt cloudapps.key $CA/ca.crt > cloudapps.router.pem
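
Example: Checking the issued certificate before deploying it. This is an added example, not part of the OpenShift tooling or its documentation; the function name check_server_cert, its argument order and the use of the openssl CLI are assumptions. It checks the chain to the signer CA, the key pair, hostname coverage, the remaining lifetime against the 730-day default, and the key file's permissions.

```shell
#!/bin/sh
# Added example, not OpenShift code: checks on the files create-server-cert wrote.
# Assumes the openssl CLI is installed. check_server_cert is a hypothetical name.
#
# check_server_cert CERT KEY CA_CERT HOSTNAME [MAX_DAYS]
# Prints one line per failed check; returns 0 only if every check passes.
check_server_cert() {
    cert=$1; key=$2; ca=$3; host=$4; max_days=${5:-730}
    rc=0

    # 1. The certificate must chain to the CA passed as --signer-cert.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $ca"; rc=1; }

    # 2. The private key must belong to the certificate (same public key).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    { [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; } ||
        { echo "FAIL: $key does not match $cert"; rc=1; }

    # 3. A name clients will use must be covered by --hostnames.
    #    -checkhost applies wildcard matching: '*' covers a single DNS label.
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match' ||
        { echo "FAIL: $cert is not valid for $host"; rc=1; }

    # 4. Remaining lifetime must not exceed MAX_DAYS (730 = --expire-days default).
    #    -checkend N exits 0 when the cert is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout -checkend $((max_days * 86400)) \
        >/dev/null 2>&1
    then
        echo "FAIL: $cert is valid for more than $max_days days"; rc=1
    fi

    # 5. The key file must not be readable by group or others.
    [ -z "$(find "$key" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ] ||
        { echo "FAIL: $key is readable by group or others"; rc=1; }

    return $rc
}

# Script use: sh check-cert.sh cloudapps.crt cloudapps.key "$CA/ca.crt" NAME
if [ "$#" -ge 4 ]; then
    check_server_cert "$@"
fi
```

The cat step above copies the private key into cloudapps.router.pem, so that bundle needs the same restrictive permissions as cloudapps.key.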

Options

--cert=""

The certificate file. Choose a name that indicates what the service is.

--expire-days=730

Validity of the certificate in days (defaults to 2 years). WARNING: extending this above the default value is highly discouraged.

--hostnames=[]

Every hostname or IP address you want the server certificate to be valid for, as a comma-delimited list.

--key=""

The key file. Choose a name that indicates what the service is.

--overwrite=true

Overwrite existing cert files if found. If false, any existing file will be left as-is.

--signer-cert="openshift.local.config/master/ca.crt"

The signer (CA) certificate file.

--signer-key="openshift.local.config/master/ca.key"

The signer (CA) key file.

--signer-serial="openshift.local.config/master/ca.serial.txt"

The serial file that keeps track of how many certs have been signed.

Options Inherited from Parent Commands

--api-version=""

DEPRECATED: The API version to use when talking to the server

--as=""

Username to impersonate for the operation

--azure-container-registry-config=""

Path to the file containing Azure container registry configuration information.

--certificate-authority=""

Path to a certificate file for the certificate authority

--client-certificate=""

Path to a client certificate file for TLS

--client-key=""

Path to a client key file for TLS

--cluster=""

The name of the kubeconfig cluster to use

--config=""

Path to the config file to use for CLI requests.

--context=""

The name of the kubeconfig context to use

--google-json-key=""

The Google Cloud Platform Service Account JSON Key to use for authentication.

--insecure-skip-tls-verify=false

If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure.

--log-flush-frequency=0

Maximum number of seconds between log flushes

--match-server-version=false

Require server version to match client version

-n, --namespace=""

If present, the namespace scope for this CLI request

--request-timeout="0"

The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time out requests.

--server=""

The address and port of the Kubernetes API server

--token=""

Bearer token for authentication to the API server

--user=""

The name of the kubeconfig user to use

See Also

openshift-cli-adm-ca(1)

History

June 2016, Ported from the Kubernetes man-doc generator

Referenced By

openshift-cli-adm-ca(1).

Openshift CLI User Manuals June 2016