openshift-cli-adm-ca-create-server-cert man page

openshift cli adm ca create-server-cert — Create a signed server certificate and key

Synopsis

openshift cli adm ca create-server-cert [Options]

Description

Create a key and server certificate

Create a key and server certificate valid for the specified hostnames, signed by the specified CA. These are useful for securing infrastructure components such as the router, authentication server, etc.

Example: Creating a secure router certificate.

CA=openshift.local.config/master
openshift cli adm ca create-server-cert --signer-cert=$CA/ca.crt \
--signer-key=$CA/ca.key --signer-serial=$CA/ca.serial.txt \
--hostnames='*.cloudapps.example.com' \
--cert=cloudapps.crt --key=cloudapps.key
cat cloudapps.crt cloudapps.key $CA/ca.crt > cloudapps.router.pem

Options

--cert=""
The certificate file. Choose a name that indicates what the service is.
--hostnames=[]
Every hostname or IP you want server certs to be valid for. Comma delimited list
--key=""
The key file. Choose a name that indicates what the service is.
--overwrite=true
Overwrite existing cert files if found. If false, any existing file will be left as-is.
--signer-cert="openshift.local.config/master/ca.crt"
The certificate file.
--signer-key="openshift.local.config/master/ca.key"
The key file.
--signer-serial="openshift.local.config/master/ca.serial.txt"
The serial file that keeps track of how many certs have been signed.

Options Inherited from Parent Commands

--api-version=""
DEPRECATED: The API version to use when talking to the server
--as=""
Username to impersonate for the operation
--certificate-authority=""
Path to a cert. file for the certificate authority
--client-certificate=""
Path to a client certificate file for TLS
--client-key=""
Path to a client key file for TLS
--cluster=""
The name of the kubeconfig cluster to use
--config=""
Path to the config file to use for CLI requests.
--context=""
The name of the kubeconfig context to use
--google-json-key=""
The Google Cloud Platform Service Account JSON Key to use for authentication.
--insecure-skip-tls-verify=false
If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--log-flush-frequency=0
Maximum number of seconds between log flushes
--match-server-version=false
Require server version to match client version
-n, --namespace=""
If present, the namespace scope for this CLI request
--request-timeout="0"
The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
--server=""
The address and port of the Kubernetes API server
--token=""
Bearer token for authentication to the API server
--user=""
The name of the kubeconfig user to use

See Also

openshift-cli-adm-ca(1),

History

June 2016, Ported from the Kubernetes man-doc generator

Referenced By

openshift-cli-adm-ca(1).

Openshift CLI User Manuals June 2016