#00
You do not have CSR and want to create self-signed certificate, key and CA files etc. !!! SUMMARY !!!
openssl genpkey -out test.key -algorithm RSA
openssl req -new -x509 -days 3650 -key test.key -out test.crt -subj "/C=TR/L=Ankara/O=Test A.S./CN=*"
ls
openssl x509 -in test.crt -text -noout
--> for metrics server: copy files or mount
- --kubelet-certificate-authority=/test.crt
- --tls-cert-file=/test.crt
- --tls-private-key-file=/test.key
#01
openssl genpkey -out kt.key -algorithm RSA
#02
openssl req -new -config kt.cnf -key kt.key -out kt.csr
#03 Creating CSRs from Existing Certificates
#openssl x509 -x509toreq -in kt.crt -out kt.csr -signkey kt.key
#04
openssl x509 -req -days 3650 -in kt.csr -signkey kt.key -out kt.crt
## without csr: openssl req -new -x509 -days 3650 -key kt.key -out kt.crt
## without ...: openssl req -new -x509 -days 3650 -key kt.key -out kt.crt -subj "/C=TR/L=Ankara/O=Kuveytturk A.S./CN=kuveytturk.local"
openssl x509 -in kt.crt -text -noout
openssl x509 -inform PEM -in kt.pem -outform DER -out kt.der
openssl x509 -inform PEM -in kt.pem -outform DER -out kt.der
openssl pkcs12 -in kt.p12 -out kt.pem -nodes
openssl pkcs12 -in kt.p12 -nocerts -out kt.key -nodes
openssl pkcs12 -in kt.p12 -nokeys -clcerts -out kt.crt
openssl pkcs12 -in kt.p12 -nokeys -cacerts -out kt-chain.crt
openssl s_client -connect server01.kuveytturk.local:443
echo | openssl s_client -connect server01.kuveytturk.local:443 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > kt.crt
echo | openssl s_client -showcerts -connect server01.kuveytturk.local:443 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > kt.chain
openssl s_client -connect www.example.com:443 -tls1_2