证书信息准备
[root@hyk8svsrm01 ssl]# cat com.crt
-----BEGIN CERTIFICATE-----
MIIC/zCCAeegAwIBAgIJANHpUzbcupymMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV
BAMMCyouY3JwY2cuY29tMB4XDTIxMDYyNDA2NDY1NloXDTMxMDYyMjA2NDY1Nlow
FjEUMBIGA1UEAwwLKi5jcnBjZy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDMtua6EApymWhuf7ICTH+eyhRwJ0YWojabMW53YrmYRH5o2XtV60/R
4sP7S5asUaODWKY56/8cnFAA9JYMZb54srljWvg08E7NbUEQcy/xQqgdmCet4Oui
bLjMKCQuplvYbPcQgyifY1JSTR1d6TMLbC1u77RAkg6BHQ0moDi0ti0bcxHl2Gsh
WBmQWKdKIpkJO+WQXqDzi20itLWfA2bWUW9EKabO5QhVbbZr316ajdtD2hpe0SgM
gvwgJRZnxfTZ3POdZx423eH24bi7igtr2ge1w6P2stMtpfEVx0OrSczGv715RWks
56TXF8TM42/BtmEFRTh3n7b+goNnfBLbAgMBAAGjUDBOMB0GA1UdDgQWBBQsjTn8
7fMd4rVGO0KVXBAmniWnlzAfBgNVHSMEGDAWgBQsjTn87fMd4rVGO0KVXBAmniWn
lzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCcGLmW7ieSujcvCVk/
Wux+kv2aXS3n1XpzzyKD4R8OWxhSLj4RVEujlAPujXMgzGeYLSDibn1szNeT2V4Q
a+hxMMH8JYaZGuRI4MHl8sUvMTJod0U0AwnREwN2e7zq4tGpJtovIygCQ6Xwsqma
MQYYcVNW9RYCuLe8Z5zQAHjLJwaTB0Nj2Ge9ElN/8CFxi9y8Hu1VeMYJ3t7XEmBE
SCRZR0jRraZ9HweiwccP8f8V/k/hittTOdrPzuX7MHoBgdVdNEFWWXXalun6iV3r
cAKpCXl878AOVFSnaelcrrXhWQly520C4JGre4MV4PW7k698JVL6Vk8/ureCCXL7
8dJf
-----END CERTIFICATE-----
[root@hyk8svsrm01 ssl]# cat com.key
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMtua6EApymWhu
f7ICTH+eyhRwJ0YWojabMW53YrmYRH5o2XtV60/R4sP7S5asUaODWKY56/8cnFAA
9JYMZb54srljWvg08E7NbUEQcy/xQqgdmCet4OuibLjMKCQuplvYbPcQgyifY1JS
TR1d6TMLbC1u77RAkg6BHQ0moDi0ti0bcxHl2GshWBmQWKdKIpkJO+WQXqDzi20i
tLWfA2bWUW9EKabO5QhVbbZr316ajdtD2hpe0SgMgvwgJRZnxfTZ3POdZx423eH2
4bi7igtr2ge1w6P2stMtpfEVx0OrSczGv715RWks56TXF8TM42/BtmEFRTh3n7b+
goNnfBLbAgMBAAECggEBALJ0Nom39gOUa473zgtm+FFJw6tI8TZFzehXnP6Bl1x/
SNrJy1RIvtouHb3wVLZ+rFWRb8ZKTad5M9zBWhQQlYvN8QIFiR1M5sT5GqDmaMKd
4sN5og1XZtG+iRGfZHsuFh6CTpWcYEshX9/SzWjSIucwNCLi3nTzXaV717z2KriM
DyxeBs/KdF2aWiTFQJwasj7BC9IFGMN3lOi44tw3GbXYedaoBMT+PGSIKSeEPalm
4OuKVzM/G3gsydOk7XtDit8Wh6qGycPmOkA7moV795yKkD++klH5/Xavpdux2ORG
1nVmf2HXesJesr7pZgBvTjtre2SpMmlU5HXzmxykXRECgYEA7oL3qWLGIWS5XfH5
kkrzmcaa/LSpXXw0yRGof2XyLgp31DGLg7LUhjF/kQiVPX1+uI3e33qcnMn6cUgc
4JYAxXJQIqEOfqXvot7uOajkk6b3Oq4/Cj47NupWBL0yDOQsyXNBFPfPG/rlGZ9e
bBpW6b8abpSiD7dgW+joYxLYYdcCgYEA27mJneGyGRc5CsHWOdDO6eyWYGy35RWr
OQOR2vLlFZJCX4Yl0NDcFVQ99EcGrQoA4nE++sUh74VsuWiYUH1RC7lQL1eRii3/
vVkvsye7Vtchvx5ytkVnCsnYUpsHUNRuniluhekqrWc832G4KM4gzlbhWq0zM2wf
yJZlF+DaPp0CgYANuVV81qUl6MDNyg2dQFjSAV6Lqe2Q5oO3CiAS7I/J3GpWuF8Z
veGCszhu5PqJZj4zal5np4t5bhnOCOM4fQkgU1qPE4tc+DlYutEkWjaE1HenVb1k
3n3TxBoc/bHykfKNyOb2yOeO6ZnjJottVvqnSoq/0CefFeMihr1QbhYrUwKBgEj1
LXXIGDvukxk4Taq648mWrkPsNY+Sh10SC185Icns268eOvZAM6O9aijvYI8acDrA
QZpA1MjUc8qIqXKoeb271Z0ypXfNWEqGD6mcOr9WBbWRJaPSHaneZb7gDSjQsL5B
oZpDVtFnIzZFG0IpV4lMHd3e/s5HS7JuBblNBwqdAoGBALCZ18D/ArQ/JxHAjCZd
K9GP3aUPH1lL+i8W9mN5DIW0pSw7n3phv8Q4ps/prKuevpU3ghVqebsnosSiQgf9
OeAyhvxVrNze8CgoA7Nq72yBqx8/bJnb7jDd8Gwk2al/mOaadowErQ7MdmPugm7f
obLZRcAXHpU6qP5l5nyeQXa+
-----END PRIVATE KEY-----查看现在的证书并编辑内容
kubectl get secrets -n helloword
kubectl edit secret crpcg.com-tls -n helloword
修改为新的证书内容 证书需要通过base64加密
3.证书的加密和解密
证书解密
echo 'LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvekNDQWVlZ0F3SUJBZ0lKQU5IcFV6YmN1cHltTUEwR0NTcUdTSWIzRFFFQkN3VUFNQll4RkRBU0JnTlYKQkFNTUN5b3VZM0p3WTJjdVkyOXRNQjRYRFRJeE1EWXlOREEyTkRZMU5sb1hEVE14TURZeU1qQTJORFkxTmxvdwpGakVVTUJJR0ExVUVBd3dMS2k1amNuQmpaeTVqYjIwd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3CmdnRUtBb0lCQVFETXR1YTZFQXB5bVdodWY3SUNUSCtleWhSd0owWVdvamFiTVc1M1lybVlSSDVvMlh0VjYwL1IKNHNQN1M1YXNVYU9EV0tZNTYvOGNuRkFBOUpZTVpiNTRzcmxqV3ZnMDhFN05iVUVRY3kveFFxZ2RtQ2V0NE91aQpiTGpNS0NRdXBsdlliUGNRZ3lpZlkxSlNUUjFkNlRNTGJDMXU3N1JBa2c2QkhRMG1vRGkwdGkwYmN4SGwyR3NoCldCbVFXS2RLSXBrSk8rV1FYcUR6aTIwaXRMV2ZBMmJXVVc5RUthYk81UWhWYmJacjMxNmFqZHREMmhwZTBTZ00KZ3Z3Z0pSWm54ZlRaM1BPZFp4NDIzZUgyNGJpN2lndHIyZ2UxdzZQMnN0TXRwZkVWeDBPclNjekd2NzE1Uldrcwo1NlRYRjhUTTQyL0J0bUVGUlRoM243Yitnb05uZkJMYkFnTUJBQUdqVURCT01CMEdBMVVkRGdRV0JCUXNqVG44CjdmTWQ0clZHTzBLVlhCQW1uaVdubHpBZkJnTlZIU01FR0RBV2dCUXNqVG44N2ZNZDRyVkdPMEtWWEJBbW5pV24KbHpBTUJnTlZIUk1FQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNjR0xtVzdpZVN1amN2Q1ZrLwpXdXgra3YyYVhTM24xWHB6enlLRDRSOE9XeGhTTGo0UlZFdWpsQVB1alhNZ3pHZVlMU0RpYm4xc3pOZVQyVjRRCmEraHhNTUg4SllhWkd1Ukk0TUhsOHNVdk1USm9kMFUwQXduUkV3TjJlN3pxNHRHcEp0b3ZJeWdDUTZYd3NxbWEKTVFZWWNWTlc5UllDdUxlOFo1elFBSGpMSndhVEIwTmoyR2U5RWxOLzhDRnhpOXk4SHUxVmVNWUozdDdYRW1CRQpTQ1JaUjBqUnJhWjlId2Vpd2NjUDhmOFYvay9oaXR0VE9kclB6dVg3TUhvQmdkVmRORUZXV1hYYWx1bjZpVjNyCmNBS3BDWGw4NzhBT1ZGU25hZWxjcnJYaFdRbHk1MjBDNEpHcmU0TVY0UFc3azY5OEpWTDZWazgvdXJlQ0NYTDcKOGRKZgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==' | base64 -d
证书解密后再加密对比
echo 'LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvekNDQWVlZ0F3SUJBZ0lKQU5IcFV6YmN1cHltTUEwR0NTcUdTSWIzRFFFQkN3VUFNQll4RkRBU0JnTlYKQkFNTUN5b3VZM0p3WTJjdVkyOXRNQjRYRFRJeE1EWXlOREEyTkRZMU5sb1hEVE14TURZeU1qQTJORFkxTmxvdwpGakVVTUJJR0ExVUVBd3dMS2k1amNuQmpaeTVqYjIwd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3CmdnRUtBb0lCQVFETXR1YTZFQXB5bVdodWY3SUNUSCtleWhSd0owWVdvamFiTVc1M1lybVlSSDVvMlh0VjYwL1IKNHNQN1M1YXNVYU9EV0tZNTYvOGNuRkFBOUpZTVpiNTRzcmxqV3ZnMDhFN05iVUVRY3kveFFxZ2RtQ2V0NE91aQpiTGpNS0NRdXBsdlliUGNRZ3lpZlkxSlNUUjFkNlRNTGJDMXU3N1JBa2c2QkhRMG1vRGkwdGkwYmN4SGwyR3NoCldCbVFXS2RLSXBrSk8rV1FYcUR6aTIwaXRMV2ZBMmJXVVc5RUthYk81UWhWYmJacjMxNmFqZHREMmhwZTBTZ00KZ3Z3Z0pSWm54ZlRaM1BPZFp4NDIzZUgyNGJpN2lndHIyZ2UxdzZQMnN0TXRwZkVWeDBPclNjekd2NzE1Uldrcwo1NlRYRjhUTTQyL0J0bUVGUlRoM243Yitnb05uZkJMYkFnTUJBQUdqVURCT01CMEdBMVVkRGdRV0JCUXNqVG44CjdmTWQ0clZHTzBLVlhCQW1uaVdubHpBZkJnTlZIU01FR0RBV2dCUXNqVG44N2ZNZDRyVkdPMEtWWEJBbW5pV24KbHpBTUJnTlZIUk1FQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNjR0xtVzdpZVN1amN2Q1ZrLwpXdXgra3YyYVhTM24xWHB6enlLRDRSOE9XeGhTTGo0UlZFdWpsQVB1alhNZ3pHZVlMU0RpYm4xc3pOZVQyVjRRCmEraHhNTUg4SllhWkd1Ukk0TUhsOHNVdk1USm9kMFUwQXduUkV3TjJlN3pxNHRHcEp0b3ZJeWdDUTZYd3NxbWEKTVFZWWNWTlc5UllDdUxlOFo1elFBSGpMSndhVEIwTmoyR2U5RWxOLzhDRnhpOXk4SHUxVmVNWUozdDdYRW1CRQpTQ1JaUjBqUnJhWjlId2Vpd2NjUDhmOFYvay9oaXR0VE9kclB6dVg3TUhvQmdkVmRORUZXV1hYYWx1bjZpVjNyCmNBS3BDWGw4NzhBT1ZGU25hZWxjcnJYaFdRbHk1MjBDNEpHcmU0TVY0UFc3azY5OEpWTDZWazgvdXJlQ0NYTDcKOGRKZgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==' | base64 -d | base64
证书加密
cat com.crt | base64
cat com.key | base644.注意证书自己加密的内容是有换行的,k8s内原来的信息没有换行 可以自己手动操作一下
加密出来有换行
5 .证书过期查看
[root@hyk8svsrm01 pki]# openssl x509 -in ca.crt -noout -dates
notBefore=Jun 23 08:58:35 2021 GMT
notAfter=Jun 21 08:58:35 2031 GMT