Explain the openssl commands needed to get kubernetes CA certificate hash

vjunior1981 · December 19, 2021, 12:48pm

So, I’m studying to try my first hit at CKA certification. At one of the videos I’m watching, the instructor said to execute those commands to find the CA certificate hash for k8s:

# On the Control Plane Node, you can find the CA cert hash.
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | \
openssl rsa -pubin -outform der 2>/dev/null | \
openssl dgst -sha256 -hex | \
sed 's/^.* //'

Ok, this works just fine, but he didn’t explained what this command really does. Could someone explain each step? I’m not used to work with openssl command, and just reading the man for the command, things wasn’t exactly clear for me.

Best regards, Vitor Jr.

EricoCartmanez · October 7, 2022, 6:31pm

Hi,
I also tried to reproduce the command from Van Vugt’s tutorial without success. But the exact same command is included in the Kubernetes documentation so I guess we can just use it as is from there:

Also, it seems we can get the same result (or full join-command) with:

kubeadm token create --print-join-command

Cheers

Topic		Replies	Views
Certificates and Service Accounts in Kubernetes Cluster General Discussions	0	405	December 13, 2022
Kubernetes HA docs: Copying certs to joining master nodes General Discussions	0	2861	November 15, 2019
How to add trusted root certificate authority (CA) certificates during cluster deployment General Discussions	0	513	January 30, 2024
Using existing PKI user certs General Discussions	1	772	November 9, 2018
Kops - How to use kubernetes-ca's keyset.yaml to sign new certificates? General Discussions kops	0	379	May 15, 2023

Explain the openssl commands needed to get kubernetes CA certificate hash

Related topics