@zaletniy
Last active January 11, 2019 02:47
x509 certificates troubleshooting

RSA key

A PEM-encoded RSA private key file looks like this:

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAr7ivQ7D5lbF4Z3bB6xNJ+IJwkr+1J7MJpbSt8/Ge6ORbbpK3
...
ajwMAEogApmYwgWg57Ri6H8debGDkk5bEEYDbXJBXAuNb5835s5Ael+BZCe7u/NU
/RIOvToDuSemdCp27s1MqxMr3hrNg3agXKmSDCWhM27dj1eH2fDP7g==
-----END RSA PRIVATE KEY-----

RSA Key content

openssl rsa -in client.key -text -noout

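The output lists the mathematical components of the key, including the private exponent and the primes, so treat it as secret: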

Private-Key: (2048 bit)
modulus:
    00:af:b8:af:43:b0:f9:95:b1:78:67:76:c1:eb:13:
    49:f8:82:70:92:bf:b5:27:b3:09:a5:b4:ad:f3:f1:
    ...
publicExponent: 65537 (0x10001)
privateExponent:
    00:86:16:ee:57:3f:43:15:81:b9:99:6a:3c:0c:00:
    4a:20:02:99:98:c2:05:a0:e7:b4:62:e8:7f:1d:79:
    b1:83:92:4e:5b:10:46:03:6d:72:41:5c:0b:8d:6f:
    ...
prime1:
    00:e5:55:d3:55:ad:55:54:30:a5:39:97:31:49:e2:
    91:a3:27:56:97:6d:68:19:b7:b3:a8:7b:f5:5e:e3:
    fb:bd:a7:ba:69:a1:b2:09:00:e1:d6:79:81:30:d5:
    56:e8:bc:c4:71:7d:12:8c:d9
    ...
prime2:
    00:c4:27:0a:7a:48:9f:3c:28:2d:5b:e8:75:5e:05:
    6b:82:5b:a8:7e:d8:a1:34:8b:db:4e:26:83:69:21:
    f1:80:f1:12:5d:39:0f:3e:74:14:82:30:99:b7:80:
    01:76:2e:4b:fa:76:20:72:ea:bc:f9:d9:b9:91:1b
    ...

Cert file

-----BEGIN CERTIFICATE-----
MIIDADCCAeigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p
a3ViZUNBMB4XDTE4MTIwMjIxNTQwMFoXDTE5MTIwMzIxNTQwMFowMTEXMBUGA1UE
...
-----END CERTIFICATE-----

Content of cert file

openssl x509 -in client.crt -text -noout

The decoded certificate data looks like this:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=minikubeCA
        Validity
            Not Before: Dec  2 21:54:00 2018 GMT
            Not After : Dec  3 21:54:00 2019 GMT
        Subject: O=system:masters, CN=minikube-user
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:af:b8:af:43:b0:f9:95:b1:78:67:76:c1:eb:13:
                    49:f8:82:70:92:bf:b5:27:b3:09:a5:b4:ad:f3:f1:
                    ..
                    99:7c:01:03:f3:47:73:f1:7c:f3:65:c0:a2:cc:2d:
                    83:5c:d9:dd:81:99:49:4e:0f:c9:9b:7f:61:86:7b:
                    0d:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
         92:7c:9f:b1:0c:26:da:f2:70:77:78:5e:a4:8e:b1:cf:90:a1:
         ...

In kubeconfig

In a kubeconfig the key and certificate are the same PEM data, just base64 encoded.

So for a key entry like

...
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMDRS...
...

decode and inspect it with the following command, which prints the private key components to the terminal:

grep 'client-key-data' ~/.kube/config | awk '{print $2}' | base64 -d | openssl rsa -text -noout

For the certificate:

grep 'client-certificate-data' ~/.kube/config | awk '{print $2}' | base64 -d | openssl x509 -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:75:77:93:2e:03:79:81:cb:d6:9d:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=kubernetes
        Validity
            Not Before: Dec 29 16:25:21 2018 GMT
            Not After : Dec 28 16:25:21 2028 GMT
        Subject: O=system:masters, CN=kubecfg
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
         ...
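
A check that builds on the two kubeconfig pipelines above, added here as an example and not part of the original gist: it confirms that the embedded certificate and key belong together by comparing their public moduli (no private component is printed) and that the certificate has not expired. The function names and the throwaway demo kubeconfig are constructed for illustration; it assumes an RSA key and uses the first user entry in the file.

```shell
#!/bin/sh
# Added example, not from the gist. All function names are hypothetical.

# Print the decoded PEM for FIELD (first occurrence) in kubeconfig FILE.
kubeconfig_field() {
    awk -v f="$2:" '$1 == f { print $2; exit }' "$1" | base64 -d
}

# Succeed only if the embedded certificate and key share the same RSA modulus.
# The modulus is the public half of the key, so nothing secret is printed.
kubeconfig_pair_matches() {
    local cert_mod key_mod
    cert_mod=$(kubeconfig_field "$1" client-certificate-data |
        openssl x509 -noout -modulus 2>/dev/null)
    key_mod=$(kubeconfig_field "$1" client-key-data |
        openssl rsa -noout -modulus 2>/dev/null)
    # An empty value means decoding or parsing failed: never report a match.
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Succeed only if the embedded certificate has not passed its "Not After" date.
kubeconfig_cert_valid() {
    kubeconfig_field "$1" client-certificate-data |
        openssl x509 -noout -checkend 0 >/dev/null 2>&1
}

# Constructed sample input: a throwaway key and self-signed certificate,
# written to DIR/config in the same layout as the kubeconfig entries above.
make_demo_kubeconfig() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=demo-group/CN=demo-user" \
        -keyout "$1/client.key" -out "$1/client.crt" 2>/dev/null
    {
        echo "users:"
        echo "- name: demo"
        echo "  user:"
        echo "    client-certificate-data: $(base64 < "$1/client.crt" | tr -d '\n')"
        echo "    client-key-data: $(base64 < "$1/client.key" | tr -d '\n')"
    } > "$1/config"
}
```

After sourcing the functions, `kubeconfig_pair_matches ~/.kube/config && kubeconfig_cert_valid ~/.kube/config` returns 0 only when both checks pass. In Kubernetes client-certificate authentication the Subject's CN is the user name and O the group, so the `O=system:masters` subject in the outputs above marks a cluster-admin credential.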