RKE2 Certificates
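## Custom lifetime of certs
## Require rancher/dynamiclistener >=v0.3.4
## https://github.com/rancher/dynamiclistener/commit/7b5997cee90b9b0fea9dc8e79df3c82976a2d378
##
## The rke2-server / rke2-agent systemd units pick up environment from
## /etc/default/<unit>, so CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYS set there
## applies to every cert rke2 signs from then on (existing certs are unchanged).
##
## Security note: 3650 days is a 10-year lifetime. That removes the yearly
## rotation chore but also means a leaked node/serving key stays usable for a
## decade unless you rotate manually. Pick the shortest lifetime your
## operations can sustain; 3650 is kept here only as the gist's default.

# Write the env file for one rke2 unit. Replaces the whole file, as the
# original `cat << EOF >` did, so any other settings in it are lost.
# Arguments: $1 - env file path (e.g. /etc/default/rke2-server)
#            $2 - lifetime in days (default 3650)
# Returns:   non-zero if $2 is not a non-negative integer or the write fails
write_cert_lifetime_env() {
  local env_file=$1
  local days=${2:-3650}
  if [[ ! "$days" =~ ^[0-9]+$ ]]; then
    printf 'write_cert_lifetime_env: days must be an integer, got %s\n' "$days" >&2
    return 1
  fi
  printf 'CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYS=%s\n' "$days" > "$env_file"
}

write_cert_lifetime_env /etc/default/rke2-server
write_cert_lifetime_env /etc/default/rke2-agent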
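## Install via https://docs.rke2.io/install/quickstart
## Cert files
# Print each certificate path followed by its notAfter line.
# Uses shell globs instead of parsing `ls`, quotes every path, and skips an
# unmatched pattern (which bash leaves as the literal string) instead of
# feeding it to openssl. Only *.crt is read; the *.key files that live next
# to them are private keys and are deliberately never printed.
# Arguments: one or more .crt paths, normally from a glob
# Outputs:   "<path>" then "notAfter=..." per cert on stdout
rke2_cert_enddates() {
  local crt
  for crt in "$@"; do
    [[ -e "$crt" ]] || continue
    printf '%s\n' "$crt"
    openssl x509 -enddate -noout -in "$crt"
  done
}

rke2_cert_enddates /var/lib/rancher/rke2/server/tls/*.crt
rke2_cert_enddates /var/lib/rancher/rke2/server/tls/*/*.crt
rke2_cert_enddates /var/lib/rancher/rke2/agent/*.crt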
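## RKE2 Server API
export PATH=$PATH:/var/lib/rancher/rke2/bin
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml

# Serving cert as stored in the kube-system/rke2-serving Secret.
kubectl get secret -n kube-system rke2-serving -o jsonpath='{.data.tls\.crt}' | base64 -d | openssl x509 -noout -text

# Serving cert as actually presented on the supervisor port (9345). Fetch it
# once, then inspect; this only reads the presented chain and does not verify
# it, which is fine for inspection but is not a trust check. s_client's stderr
# is dropped (it is very chatty), so an empty result is reported explicitly
# rather than surfacing as a misleading "unable to load certificate" later.
supervisor_cert=$(openssl s_client -connect localhost:9345 </dev/null 2>/dev/null | openssl x509 2>/dev/null)
if [[ -n "$supervisor_cert" ]]; then
  printf '%s\n' "$supervisor_cert" | openssl x509 -noout -text
  printf '%s\n' "$supervisor_cert" | openssl x509 -enddate -noout
else
  printf 'no certificate received from localhost:9345 (is rke2-server running?)\n' >&2
fi

# dynamic-cert.json is dynamiclistener's on-disk copy of the serving Secret
# and, as far as I can tell, carries tls.key next to tls.crt. Do not `cat` it
# to a terminal, a ticket or a log; extract only the certificate.
# NOTE(review): assumes the Secret layout .data["tls.crt"] — confirm on a node.
dynamic_cert=/var/lib/rancher/rke2/server/tls/dynamic-cert.json
if command -v jq >/dev/null 2>&1; then
  jq -r '.data["tls.crt"]' "$dynamic_cert" | base64 -d | openssl x509 -noout -subject -enddate
else
  printf 'jq not found; %s also holds the private key, inspect it with care\n' "$dynamic_cert" >&2
fi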