List of Certs for Bare-Metal 4.7 Cluster

Will put this in table later and add descriptions. I’ll add information in parenthesis for certs that have either 24 hour or 1 year expiration. Default is 10 years.

Please ignore the formatting for now.

admin-kubeconfig-ca-bundle.crt

        Issuer: OU = openshift, CN = admin-kubeconfig-signer

        Validity

            Not Before: Apr  5 18:13:31 2021 GMT

            Not After : Apr  3 18:13:31 2031 GMT

        Subject: OU = openshift, CN = admin-kubeconfig-signer

aggregator-ca-bundle.crt (24 hours)

        Issuer: OU = openshift, CN = aggregator-signer

        Validity

            Not Before: Apr  5 18:13:33 2021 GMT

            Not After : Apr  6 18:13:33 2021 GMT

        Subject: OU = openshift, CN = aggregator-signer

aggregator-ca.crt (24 hours)

        Issuer: OU = bootkube, CN = aggregator

        Validity

            Not Before: Apr  5 18:13:33 2021 GMT

            Not After : Apr  6 18:13:33 2021 GMT

        Subject: OU = bootkube, CN = aggregator

aggregator-client.crt (24 hours)

        Issuer: OU = openshift, CN = aggregator-signer

        Validity

            Not Before: Apr  5 18:13:33 2021 GMT

            Not After : Apr  6 18:13:34 2021 GMT

        Subject: O = kube-master, CN = system:kube-apiserver-proxy

aggregator-signer.crt (24 hours)

        Issuer: OU = openshift, CN = aggregator-signer

        Validity

            Not Before: Apr  5 18:13:33 2021 GMT

            Not After : Apr  6 18:13:33 2021 GMT

        Subject: OU = openshift, CN = aggregator-signer

apiserver-proxy.crt (24 hours)

        Issuer: OU = bootkube, CN = aggregator

        Validity

            Not Before: Apr  5 18:13:33 2021 GMT

            Not After : Apr  6 18:13:34 2021 GMT

        Subject: O = kube-master, CN = system:kube-apiserver-proxy

etcd-ca-bundle.crt

        Issuer: OU = openshift, CN = etcd-signer

        Validity

            Not Before: Apr  5 18:13:00 2021 GMT

            Not After : Apr  3 18:13:00 2031 GMT

        Subject: OU = openshift, CN = etcd-signer

etcd-client.crt

        Issuer: OU = openshift, CN = etcd-signer

        Validity

            Not Before: Apr  5 18:13:00 2021 GMT

            Not After : Apr  3 18:13:00 2031 GMT

        Subject: OU = etcd, CN = etcd

etcd-metric-ca-bundle.crt

        Issuer: OU = openshift, CN = etcd-metric-signer

        Validity

            Not Before: Apr  5 18:13:00 2021 GMT

            Not After : Apr  3 18:13:00 2031 GMT

        Subject: OU = openshift, CN = etcd-metric-signer

etcd-metric-signer-client.crt

        Issuer: OU = openshift, CN = etcd-metric-signer

        Validity

            Not Before: Apr  5 18:13:00 2021 GMT

            Not After : Apr  3 18:13:00 2031 GMT

        Subject: OU = etcd-metric, CN = etcd-metric

etcd-metric-signer.crt

        Issuer: OU = openshift, CN = etcd-metric-signer

        Validity

            Not Before: Apr  5 18:13:00 2021 GMT

            Not After : Apr  3 18:13:00 2031 GMT

        Subject: OU = openshift, CN = etcd-metric-signer

etcd-signer.crt

        Issuer: OU = openshift, CN = etcd-signer

        Validity

            Not Before: Apr  5 18:13:00 2021 GMT

            Not After : Apr  3 18:13:00 2031 GMT

        Subject: OU = openshift, CN = etcd-signer

journal-gatewayd.crt

        Issuer: OU = openshift, CN = root-ca

        Validity

            Not Before: Apr  5 18:12:59 2021 GMT

            Not After : Apr  3 18:13:34 2031 GMT

        Subject: O = OpenShift Bootstrap, CN = journal-gatewayd

kube-apiserver-complete-client-ca-bundle.crt

        Issuer: OU = openshift, CN = admin-kubeconfig-signer

        Validity

            Not Before: Apr  5 18:13:31 2021 GMT

            Not After : Apr  3 18:13:31 2031 GMT

        Subject: OU = openshift, CN = admin-kubeconfig-signer

kube-apiserver-complete-server-ca-bundle.crt

        Issuer: OU = openshift, CN = kube-apiserver-localhost-signer

        Validity

            Not Before: Apr  5 18:13:32 2021 GMT

            Not After : Apr  3 18:13:32 2031 GMT

        Subject: OU = openshift, CN = kube-apiserver-localhost-signer

kube-apiserver-internal-lb-server.crt (24 hours)

        Issuer: OU = openshift, CN = kube-apiserver-lb-signer

        Validity

            Not Before: Apr  5 18:13:32 2021 GMT

            Not After : Apr  6 18:13:35 2021 GMT

        Subject: O = kube-master, CN = system:kube-apiserver

kube-apiserver-lb-ca-bundle.crt

        Issuer: OU = openshift, CN = kube-apiserver-lb-signer

        Validity

            Not Before: Apr  5 18:13:32 2021 GMT

            Not After : Apr  3 18:13:32 2031 GMT

        Subject: OU = openshift, CN = kube-apiserver-lb-signer

kube-apiserver-lb-server.crt (24 hours)

        Issuer: OU = openshift, CN = kube-apiserver-lb-signer

        Validity

            Not Before: Apr  5 18:13:32 2021 GMT

            Not After : Apr  6 18:13:34 2021 GMT

        Subject: O = kube-master, CN = system:kube-apiserver

kube-apiserver-lb-signer.crt

        Issuer: OU = openshift, CN = kube-apiserver-lb-signer

        Validity

            Not Before: Apr  5 18:13:32 2021 GMT

            Not After : Apr  3 18:13:32 2031 GMT

        Subject: OU = openshift, CN = kube-apiserver-lb-signer

kube-apiserver-localhost-ca-bundle.crt

        Issuer: OU = openshift, CN = kube-apiserver-localhost-signer

        Validity

            Not Before: Apr  5 18:13:32 2021 GMT

            Not After : Apr  3 18:13:32 2031 GMT

        Subject: OU = openshift, CN = kube-apiserver-localhost-signer

kube-apiserver-localhost-server.crt (24 hours)

        Issuer: OU = openshift, CN = kube-apiserver-localhost-signer

        Validity

            Not Before: Apr  5 18:13:32 2021 GMT

            Not After : Apr  6 18:13:35 2021 GMT

        Subject: O = kube-master, CN = system:kube-apiserver

kube-apiserver-localhost-signer.crt

        Issuer: OU = openshift, CN = kube-apiserver-localhost-signer

        Validity

            Not Before: Apr  5 18:13:32 2021 GMT

            Not After : Apr  3 18:13:32 2031 GMT

        Subject: OU = openshift, CN = kube-apiserver-localhost-signer

kube-apiserver-service-network-ca-bundle.crt

        Issuer: OU = openshift, CN = kube-apiserver-service-network-signer

        Validity

            Not Before: Apr  5 18:13:32 2021 GMT

            Not After : Apr  3 18:13:32 2031 GMT

        Subject: OU = openshift, CN = kube-apiserver-service-network-signer

kube-apiserver-service-network-server.crt (24 hours)

        Issuer: OU = openshift, CN = kube-apiserver-service-network-signer

        Validity

            Not Before: Apr  5 18:13:32 2021 GMT

            Not After : Apr  6 18:13:35 2021 GMT

        Subject: O = kube-master, CN = system:kube-apiserver

kube-apiserver-service-network-signer.crt

        Issuer: OU = openshift, CN = kube-apiserver-service-network-signer

        Validity

            Not Before: Apr  5 18:13:32 2021 GMT

            Not After : Apr  3 18:13:32 2031 GMT

        Subject: OU = openshift, CN = kube-apiserver-service-network-signer

kube-apiserver-to-kubelet-ca-bundle.crt (1 year)

        Issuer: OU = openshift, CN = kube-apiserver-to-kubelet-signer

        Validity

            Not Before: Apr  5 18:13:36 2021 GMT

            Not After : Apr  5 18:13:36 2022 GMT

        Subject: OU = openshift, CN = kube-apiserver-to-kubelet-signer

kube-apiserver-to-kubelet-client.crt (1 year)

        Issuer: OU = openshift, CN = kube-apiserver-to-kubelet-signer

        Validity

            Not Before: Apr  5 18:13:36 2021 GMT

            Not After : Apr  5 18:13:36 2022 GMT

        Subject: O = kube-master, CN = system:kube-apiserver

kube-apiserver-to-kubelet-signer.crt (1 year)

        Issuer: OU = openshift, CN = kube-apiserver-to-kubelet-signer

        Validity

            Not Before: Apr  5 18:13:36 2021 GMT

            Not After : Apr  5 18:13:36 2022 GMT

        Subject: OU = openshift, CN = kube-apiserver-to-kubelet-signer

kube-control-plane-ca-bundle.crt (1 year)

        Issuer: OU = openshift, CN = kube-control-plane-signer

        Validity

            Not Before: Apr  5 18:13:36 2021 GMT

            Not After : Apr  5 18:13:36 2022 GMT

        Subject: OU = openshift, CN = kube-control-plane-signer

kube-control-plane-kube-controller-manager-client.crt (1 year)

        Issuer: OU = openshift, CN = kube-control-plane-signer

        Validity

            Not Before: Apr  5 18:13:36 2021 GMT

            Not After : Apr  5 18:13:36 2022 GMT

        Subject: O = system:masters, CN = system:admin

kube-control-plane-kube-scheduler-client.crt (1 year)

        Issuer: OU = openshift, CN = kube-control-plane-signer

        Validity

            Not Before: Apr  5 18:13:36 2021 GMT

            Not After : Apr  5 18:13:37 2022 GMT

        Subject: O = system:masters, CN = system:admin

kube-control-plane-signer.crt (1 year)

        Issuer: OU = openshift, CN = kube-control-plane-signer

        Validity

            Not Before: Apr  5 18:13:36 2021 GMT

            Not After : Apr  5 18:13:36 2022 GMT

        Subject: OU = openshift, CN = kube-control-plane-signer

kubelet-bootstrap-kubeconfig-ca-bundle.crt

        Issuer: OU = openshift, CN = kubelet-bootstrap-kubeconfig-signer

        Validity

            Not Before: Apr  5 18:13:33 2021 GMT

            Not After : Apr  3 18:13:33 2031 GMT

        Subject: OU = openshift, CN = kubelet-bootstrap-kubeconfig-signer

kubelet-client-ca-bundle.crt (24 hours)

        Issuer: OU = openshift, CN = kubelet-signer

        Validity

            Not Before: Apr  5 18:13:35 2021 GMT

            Not After : Apr  6 18:13:35 2021 GMT

        Subject: OU = openshift, CN = kubelet-signer

kubelet-client.crt

        Issuer: OU = openshift, CN = kubelet-bootstrap-kubeconfig-signer

        Validity

            Not Before: Apr  5 18:13:33 2021 GMT

            Not After : Apr  3 18:13:33 2031 GMT

        Subject: O = system:serviceaccounts:openshift-machine-config-operator, CN = system:serviceaccount:openshift-machine-config-operator:node-bootstrapper

kubelet-serving-ca-bundle.crt (24 hours)

        Issuer: OU = openshift, CN = kubelet-signer

        Validity

            Not Before: Apr  5 18:13:35 2021 GMT

            Not After : Apr  6 18:13:35 2021 GMT

        Subject: OU = openshift, CN = kubelet-signer

kubelet-signer.crt (24 hours)

        Issuer: OU = openshift, CN = kubelet-signer

        Validity

            Not Before: Apr  5 18:13:35 2021 GMT

            Not After : Apr  6 18:13:35 2021 GMT

        Subject: OU = openshift, CN = kubelet-signer

machine-config-server.crt

        Issuer: OU = openshift, CN = root-ca

        Validity

            Not Before: Apr  5 18:12:59 2021 GMT

            Not After : Apr  3 18:13:00 2031 GMT

        Subject: CN = system:machine-config-server

root-ca.crt

        Issuer: OU = openshift, CN = root-ca

        Validity

            Not Before: Apr  5 18:12:59 2021 GMT

            Not After : Apr  3 18:12:59 2031 GMT

        Subject: OU = openshift, CN = root-ca

Leave a Reply