Initialize a certificate authority

In this lab you will setup the necessary PKI infrastructure to secure the Kuberentes API for remote communication. This lab will leverage CloudFlare's PKI toolkit, cfssl, to bootstrap a Certificate Authority.

Download and install cfssl

node0

gcloud compute ssh node0

sudo mkdir -p /opt/bin

sudo curl -o /opt/bin/cfssl https://storage.googleapis.com/bin.kuar.io/cfssl
sudo chmod +x /opt/bin/cfssl

sudo curl -o /opt/bin/cfssljson https://storage.googleapis.com/bin.kuar.io/cfssljson
sudo chmod +x /opt/bin/cfssljson

Initialize a CA

Create the CA configuration file

curl -O https://storage.googleapis.com/configs.kuar.io/ca-config.json

Generate the CA certificate and private key

Create the CA CSR:

curl -O https://storage.googleapis.com/configs.kuar.io/ca-csr.json

Generate the CA certificate and private key:

cfssl gencert -initca ca-csr.json | cfssljson -bare ca

Results:

ca-key.pem
ca.csr
ca.pem

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

initialize-a-certificate-authority.md

initialize-a-certificate-authority.md

Initialize a certificate authority

Download and install cfssl

node0

Initialize a CA

Create the CA configuration file

Generate the CA certificate and private key

Files

initialize-a-certificate-authority.md

Latest commit

History

initialize-a-certificate-authority.md

File metadata and controls

Initialize a certificate authority

Download and install cfssl

node0

Initialize a CA

Create the CA configuration file

Generate the CA certificate and private key