TODO need to work out who and what.
- Signing Certificate/Key Pairs
- Serving Certificate/Key Pairs
- Client Certificate/Key Pairs
- Certificates Without Keys
- Certificate Authority Bundles
| Property | Value |
|---|---|
| Type | Signer |
| CommonName | root-ca |
| SerialNumber | 8389990467108443888 |
| Issuer CommonName | root-ca |
| Validity | 10y |
| Signature Algorithm | SHA256-RSA |
| PublicKey Algorithm | RSA 2048 bit |
| Usages | - KeyUsageDigitalSignature - KeyUsageKeyEncipherment - KeyUsageCertSign |
| ExtendedUsages |
| Namespace | Secret Name |
|---|
| File | Permissions | User | Group | SE Linux |
|---|---|---|---|---|
| /etc/kubernetes/ca.crt/ca.crt | -rw-r--r--. | root | root | system_u:object_r:kubernetes_file_t:s0 |
TODO: team needs to make description
| Property | Value |
|---|---|
| Type | Serving |
| CommonName | system:machine-config-server |
| SerialNumber | 6740508919873829930 |
| Issuer CommonName | root-ca |
| Validity | 10y |
| Signature Algorithm | SHA256-RSA |
| PublicKey Algorithm | RSA 2048 bit |
| Usages | |
| ExtendedUsages | - ExtKeyUsageServerAuth |
| DNS Names | - api-int.ci-ln-z2l4snt-f76d1.origin-ci-int-gce.dev.openshift.com |
| IP Addresses |
| Namespace | Secret Name |
|---|---|
| openshift-machine-config-operator | machine-config-server-tls |
| File | Permissions | User | Group | SE Linux |
|---|
These certificates are present in certificate authority bundles, but do not have keys in the cluster. This happens when the installer bootstrap clusters with a set of certificate/key pairs that are deleted during the installation process.