Skip to main content

Certificate

Ingress TLS Config

spec:
  ingressClassName: nginx-external
  rules:
  - host: foo.com
    http:
      paths:
      - backend:
          service:
            name: foo
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - foo.com
    secretName: foo-cert

Find Ingress TLS Config

kubectl get ingress -o yaml -A | grep -A 53 tls:

Create TLS Secret

kubectl create secret tls foo-cert \
  --cert=fullchain.cer \
  --key=foo.key

Get Cert Info

openssl x509 -in foo.pem -text -noout

Aliyun Default Cert

openssl x509 -in 'Kubernetes Ingress Controller Fake Certificate.pem' -text -noout

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:67:cc:88:57:b4:78:99:b9:8f:73:ca:98:8d:9d:6c
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=Acme Co, CN=Kubernetes Ingress Controller Fake Certificate
        Validity
            Not Before: Apr  3 03:31:43 2025 GMT
            Not After : Apr  2 03:31:43 2030 GMT
        Subject: O=Acme Co, CN=Kubernetes Ingress Controller Fake Certificate
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d8:15:24:26:c6:18:72:95:2a:8d:c8:25:9f:ec:
                    98:19:9c:70:8f:c3:af:89:ca:dc:c5:92:64:0e:ec:
                    4c:31:ed:08:a6:57:71:b6:83:e3:72:93:08:9d:00:
                    37:a3:ce:d2:e1:35:19:a7:1b:fa:fa:63:0e:0d:d4:
                    e2:95:55:fa:46:08:23:51:0c:64:51:7e:b0:13:a3:
                    8f:8e:0a:83:f1:f9:f0:d1:a0:95:71:42:2f:71:6b:
                    18:42:83:1c:79:7b:c7:8b:30:6e:12:cd:5a:1c:58:
                    8e:e5:9f:c0:35:aa:25:ee:11:7f:d1:ef:d8:5e:47:
                    86:da:3f:34:3c:58:99:1f:73:80:a9:f8:3f:04:62:
                    e6:07:f4:b3:85:47:d8:81:c6:cb:96:cf:e4:44:90:
                    29:d8:86:a2:9a:22:31:95:29:24:43:82:6f:aa:36:
                    2a:c0:96:32:d4:ad:0b:52:5d:b2:f2:d1:c6:b0:b9:
                    af:f1:8c:83:a2:be:45:ff:d7:7b:ab:18:3b:30:45:
                    62:60:37:d9:c0:32:81:70:2f:0c:43:cc:36:7a:bf:
                    4d:4a:67:0d:69:9c:cb:28:b4:fc:d3:55:ad:80:b6:
                    18:c4:0f:a4:86:cd:75:88:fd:a2:cc:ab:b1:ad:4d:
                    e5:62:f2:34:96:d5:cf:4c:88:40:20:f1:be:3c:ea:
                    1e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Alternative Name:
                DNS:ingress.local
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        08:bc:75:4a:61:72:86:5b:cb:81:27:83:ee:0c:fc:0f:23:b3:
        2d:fc:dd:b7:8b:0c:1d:9d:e8:7c:8a:96:0b:ad:6e:53:e9:57:
        32:40:9a:0d:1b:d4:af:1c:a8:36:50:d8:4f:77:34:2f:af:db:
        ce:81:bc:73:23:c2:5f:5d:1a:a0:33:4c:8c:2d:7b:fc:67:46:
        4f:5c:38:10:ab:d4:ea:94:3d:bf:2f:39:51:11:92:2a:47:7c:
        ab:a0:f8:30:fa:3f:b9:46:dd:a0:6f:74:a3:2d:49:c7:87:5a:
        73:e1:31:2a:01:d1:aa:33:58:69:84:f4:34:08:c6:a3:b6:f9:
        d0:e6:93:0b:ad:d6:4f:06:83:70:dc:f8:8e:60:30:05:cc:92:
        13:13:e2:43:1a:c4:4c:e2:41:29:b4:8c:36:a0:21:24:48:85:
        67:f9:fd:a5:22:27:c4:15:60:14:1c:78:4e:98:b3:15:0a:15:
        26:05:4d:c1:5d:3a:f5:46:e2:1b:c0:a2:1e:8d:14:53:d9:75:
        2d:bb:51:0f:1d:a2:94:b4:95:b7:4e:e4:ca:19:b4:a4:2c:5f:
        8b:96:65:3d:40:65:8e:28:90:a5:03:5b:fa:94:6c:06:c5:fd:
        5a:bc:34:ed:5b:54:73:df:9b:0a:ec:42:45:e1:48:60:08:4a:
        6b:d6:4b:fb
Back to top