Ssl 此证书缺少“主机”字段。这使得它不适合网站
当我执行此命令以生成kubernetes证书时:Ssl 此证书缺少“主机”字段。这使得它不适合网站,ssl,cloudflare,Ssl,Cloudflare,当我执行此命令以生成kubernetes证书时: cfssl gencert -ca=ca.pem -ca-key=ca-key.pem \ -config=ca-config.json \ -profile=kubernetes \ kubernetes-csr.json | cfssljson -bare kubernetes cfssl采用的原因说明: [root@iZuf63refzweg1d9dh94t8Z ssl]# cfssl gencert -ca=ca.pem -ca-key
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem \
-config=ca-config.json \
-profile=kubernetes \
kubernetes-csr.json | cfssljson -bare kubernetes
[root@iZuf63refzweg1d9dh94t8Z ssl]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem \
> -config=ca-config.json \
> -profile=kubernetes \
> kubernetes-csr.json | cfssljson -bare kubernetes
2019/08/25 20:02:12 [INFO] generate received request
2019/08/25 20:02:12 [INFO] received CSR
2019/08/25 20:02:12 [INFO] generating key: rsa-2048
2019/08/25 20:02:13 [INFO] encoded CSR
2019/08/25 20:02:13 [INFO] signed certificate with serial number 540759253485135214776496461610290604881680785507
2019/08/25 20:02:13 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
{
"CN": "kubernetes",
"hosts": [
"127.0.0.1",
"172.19.104.230",
"172.19.150.82",
"172.19.104.231"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
显然,它包含hosts字段。我正在使用cfssl版本1.2。这是一个错误吗?将cfssl版本从v1.2更新到v1.3.4最新版本:
go get -u github.com/cloudflare/cfssl/cmd/cfssl