# I. Encryption methods

1. Symmetric encryption: the same key encrypts and decrypts.
2. Asymmetric encryption: encrypts with a public/private key pair (HTTPS uses asymmetric encryption).
3. One-way encryption: can only encrypt, not decrypt (MD5).

# II. SSL certificates

![](https://img.kancloud.cn/bc/8a/bc8abb250130c8f66efae2b805d9d1d7_1142x580.png)

# III. Types of SSL certificate

1. Self-signed certificates: for internal use.
2. Certificates from a third-party authority: usually used for external connections.

# IV. Self-signing tools

1. Use the cfssl tool to self-sign certificates.

# V. Self-signing SSL certificates for etcd and the API server: installing cfssl

## 1. Online installation

### 1.1 Install CFSSL

* Tool that generates certificates

```
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
```

or

```
wget https://github.com/cloudflare/cfssl/releases/download/1.2.0/cfssl_linux-amd64
```

* Tool that generates certificates from JSON

```
wget https://github.com/cloudflare/cfssl/releases/download/1.2.0/cfssljson_linux-amd64
```

* Tool for viewing certificate information

```
wget https://github.com/cloudflare/cfssl/releases/download/1.2.0/cfssl-certinfo_linux-amd64
```

### 1.2 Change the permissions

```
chmod +x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64
```

or:

```
sudo chmod +x cfssl*
```

### 1.3 Move the files (configure the environment variable)

```
mv cfssl_linux-amd64 /usr/local/bin/cfssl
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo
```

Moving the files there normally puts them on the PATH automatically. Only if that did not work, or the verification below fails, add the directory to the PATH environment variable:

```
# The binaries were moved to /usr/local/bin above
export PATH=/usr/local/bin:$PATH
```

### 1.4 Verify the command

```
cfssl --help
```

![](https://img.kancloud.cn/3d/bc/3dbc5bae90b24040bf9a289a7602f5e1_781x399.png)

### 1.5 Generate a config template

```
cfssl print-defaults config > config.json
```

```
{
    "signing": {
        "default": {
            "expiry": "168h"
        },
        "profiles": {
            "www": {
                "expiry": "8760h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth"
                ]
            },
            "client": {
                "expiry": "8760h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "client auth"
                ]
            }
        }
    }
}
```

`signing` holds the signing settings, and `default.expiry` is the default expiry time.

### 1.6 Generate a certificate-information template file

```
cfssl print-defaults csr > csr.json
```

```
{
    "CN": "example.net",
    "hosts": [
        "example.net",
        "www.example.net"
    ],
    "key": {
        "algo": "ecdsa",
        "size": 256
    },
    "names": [
        {
            "C": "US",
            "L": "CA",
            "ST": "San Francisco"
        }
    ]
}
```

`CN` identifies the specific domain, `hosts` lists the domain names that use the certificate, `key` is the key algorithm (generally RSA 2048), and `names` carries the information included in the certificate, such as country and region.

### 1.7 Create our own config and certificate information from the initial templates

Create our own templates. They can be kept in a separate directory of their own; after changing into that directory, run the commands below. Their content is what we get after modifying the initial config template and certificate-information template. Each command creates a file and writes the content into it.

```
cat > ca-config.json <<EOF
{
    "signing":{
        "default":{
            "expiry":"87600h"
        },
        "profiles":{
            "kubernetes":{
                "expiry":"87600h",
                "usages":[
                    "signing",
                    "key encipherment",
                    "server auth",
                    "client auth"
                ]
            }
        }
    }
}
EOF
```

```
cat > ca-csr.json <<EOF
{
    "CN":"kubernetes",
    "key":{
        "algo":"rsa",
        "size":2048
    },
    "names":[
        {
            "C":"CN",
            "L":"Hebei",
            "ST":"Zhangjiakou",
            "O":"k8s",
            "OU":"System"
        }
    ]
}
EOF
```

### 1.8 Generate the CA certificate from the certificate-information file

```
cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
```

### 1.9 Create the server-side config template and certificate information

```
cat > server-csr.json <<EOF
{
    "CN":"kubernetes",
    "hosts":[
        "192.168.72.166",
        "192.168.72.168",
        "192.168.72.169"
    ],
    "key":{
        "algo":"rsa",
        "size":2048
    },
    "names":[
        {
            "C":"CN",
            "L":"Hebei",
            "ST":"Zhangjiakou",
            "O":"k8s",
            "OU":"System"
        }
    ]
}
EOF
```

### 1.10 Generate the certificate from the certificate information

```
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server
```

![](https://img.kancloud.cn/eb/1b/eb1b17f41ebc1c5fd8c895d5e3791af6_1165x340.png)

Reference: [https://www.cnblogs.com/fanqisoft/p/10765038.html](https://www.cnblogs.com/fanqisoft/p/10765038.html)

## 2. Offline installation

### 2.1 Upload the TLS tar package

Upload the archive. It contains the files that were moved into /usr/local/bin/ above; you can also package and download them yourself.

Download: [https://jsbke.cn/files/TLS.tar.gz](https://jsbke.cn/files/TLS.tar.gz)

Download link: [https://pan.baidu.com/s/1dwRa7wW_qWjBfJrckHhRgw?pwd=ud0q](https://pan.baidu.com/s/1dwRa7wW_qWjBfJrckHhRgw?pwd=ud0q) (extraction code: ud0q)

### 2.2 Extract the archive

### 2.3 Run cfssl.sh

The code in cfssl.sh:

```
#curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl
#curl -L https://github.com/cloudflare/cfssl/releases/download/1.2.0/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson
#curl -L https://github.com/cloudflare/cfssl/releases/download/1.2.0/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo
# Offline: copy the bundled binaries instead of downloading them
cp -rf cfssl cfssl-certinfo cfssljson /usr/local/bin
chmod +x /usr/local/bin/cfssl*
```

### 2.4 Verify

```
cfssl --help
```

### 2.5 cd etcd

### 2.6 Edit the config file

```
cat server-csr.json
{
    "CN": "etcd",
    "hosts": [
        "192.168.72.166",
        "192.168.72.168",
        "192.168.72.169"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "BeiJing",
            "ST": "BeiJing"
        }
    ]
}
```

### 2.7 Run the command that generates the certificates

```
./generate_etcd_cert.sh
```

The code in generate_etcd_cert.sh:

```
# Create the CA, then sign the server certificate with it
cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
```

Note: the certificates can be generated in any location.

Reference: [https://www.cnblogs.com/yangzp/p/15692046.html](https://www.cnblogs.com/yangzp/p/15692046.html)
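
A pre-flight check for the JSON files passed to `cfssl gencert`, as an added example that is not part of the original page or of cfssl: it flags a `-profile` name the signing config does not define, node IPs missing from `hosts`, malformed IPs and weak keys. The sample data is constructed from section 1.7's `ca-config.json` and section 2.6's `server-csr.json`; the function name `lint_cfssl_inputs` and its parameters are hypothetical, and the `ca-config.json` shipped in the offline package is not shown on the page, so the `www` result applies only to the section 1.7 config.

```python
import ipaddress

# Constructed from the page: ca-config.json (1.7) and the etcd server-csr.json (2.6).
CA_CONFIG = {"signing": {
    "default": {"expiry": "87600h"},
    "profiles": {"kubernetes": {
        "expiry": "87600h",
        "usages": ["signing", "key encipherment", "server auth", "client auth"]}}}}
SERVER_CSR = {
    "CN": "etcd",
    "hosts": ["192.168.72.166", "192.168.72.168", "192.168.72.169"],
    "key": {"algo": "rsa", "size": 2048},
    "names": [{"C": "CN", "L": "BeiJing", "ST": "BeiJing"}]}
NODES = ["192.168.72.166", "192.168.72.168", "192.168.72.169"]


def lint_cfssl_inputs(ca_config, csr, profile, nodes, usages=("server auth",)):
    """Hypothetical helper: return a list of findings, empty when the inputs agree."""
    findings = []
    profiles = ca_config.get("signing", {}).get("profiles", {})
    if profile not in profiles:
        findings.append(f"profile {profile!r} is not defined (have: {sorted(profiles)})")
    else:
        missing = sorted(set(usages) - set(profiles[profile].get("usages", [])))
        if missing:
            findings.append(f"profile {profile!r} lacks usages: {missing}")
    hosts = csr.get("hosts", [])
    for host in hosts:
        # Entries made only of digits and dots are meant to be IPv4 addresses.
        if host and set(host) <= set("0123456789."):
            try:
                ipaddress.ip_address(host)
            except ValueError:
                findings.append(f"hosts entry {host!r} is not a valid IP address")
    absent = [n for n in nodes if n not in hosts]
    if absent:
        findings.append(f"nodes missing from hosts (SAN): {absent}")
    key = csr.get("key", {})
    algo, size = key.get("algo"), key.get("size", 0)
    if (algo == "rsa" and size < 2048) or (algo == "ecdsa" and size not in (256, 384, 521)):
        findings.append(f"weak or unsupported key: {algo} {size}")
    elif algo not in ("rsa", "ecdsa"):
        findings.append(f"unexpected key algorithm: {algo!r}")
    return findings


if __name__ == "__main__":
    for prof in ("kubernetes", "www"):
        print(prof, "->", lint_cfssl_inputs(CA_CONFIG, SERVER_CSR, prof, NODES) or "ok")
```
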