List of Certs for Bare-Metal 4.7 Cluster
Will put this in table later and add descriptions. I’ll add information in parenthesis for certs that have either 24 hour or 1 year expiration. Default is 10 years.
Please ignore the formatting for now.
admin-kubeconfig-ca-bundle.crt
Issuer: OU = openshift, CN = admin-kubeconfig-signer
Validity
Not Before: Apr 5 18:13:31 2021 GMT
Not After : Apr 3 18:13:31 2031 GMT
Subject: OU = openshift, CN = admin-kubeconfig-signer
aggregator-ca-bundle.crt (24 hours)
Issuer: OU = openshift, CN = aggregator-signer
Validity
Not Before: Apr 5 18:13:33 2021 GMT
Not After : Apr 6 18:13:33 2021 GMT
Subject: OU = openshift, CN = aggregator-signer
aggregator-ca.crt (24 hours)
Issuer: OU = bootkube, CN = aggregator
Validity
Not Before: Apr 5 18:13:33 2021 GMT
Not After : Apr 6 18:13:33 2021 GMT
Subject: OU = bootkube, CN = aggregator
aggregator-client.crt (24 hours)
Issuer: OU = openshift, CN = aggregator-signer
Validity
Not Before: Apr 5 18:13:33 2021 GMT
Not After : Apr 6 18:13:34 2021 GMT
Subject: O = kube-master, CN = system:kube-apiserver-proxy
aggregator-signer.crt (24 hours)
Issuer: OU = openshift, CN = aggregator-signer
Validity
Not Before: Apr 5 18:13:33 2021 GMT
Not After : Apr 6 18:13:33 2021 GMT
Subject: OU = openshift, CN = aggregator-signer
apiserver-proxy.crt (24 hours)
Issuer: OU = bootkube, CN = aggregator
Validity
Not Before: Apr 5 18:13:33 2021 GMT
Not After : Apr 6 18:13:34 2021 GMT
Subject: O = kube-master, CN = system:kube-apiserver-proxy
etcd-ca-bundle.crt
Issuer: OU = openshift, CN = etcd-signer
Validity
Not Before: Apr 5 18:13:00 2021 GMT
Not After : Apr 3 18:13:00 2031 GMT
Subject: OU = openshift, CN = etcd-signer
etcd-client.crt
Issuer: OU = openshift, CN = etcd-signer
Validity
Not Before: Apr 5 18:13:00 2021 GMT
Not After : Apr 3 18:13:00 2031 GMT
Subject: OU = etcd, CN = etcd
etcd-metric-ca-bundle.crt
Issuer: OU = openshift, CN = etcd-metric-signer
Validity
Not Before: Apr 5 18:13:00 2021 GMT
Not After : Apr 3 18:13:00 2031 GMT
Subject: OU = openshift, CN = etcd-metric-signer
etcd-metric-signer-client.crt
Issuer: OU = openshift, CN = etcd-metric-signer
Validity
Not Before: Apr 5 18:13:00 2021 GMT
Not After : Apr 3 18:13:00 2031 GMT
Subject: OU = etcd-metric, CN = etcd-metric
etcd-metric-signer.crt
Issuer: OU = openshift, CN = etcd-metric-signer
Validity
Not Before: Apr 5 18:13:00 2021 GMT
Not After : Apr 3 18:13:00 2031 GMT
Subject: OU = openshift, CN = etcd-metric-signer
etcd-signer.crt
Issuer: OU = openshift, CN = etcd-signer
Validity
Not Before: Apr 5 18:13:00 2021 GMT
Not After : Apr 3 18:13:00 2031 GMT
Subject: OU = openshift, CN = etcd-signer
journal-gatewayd.crt
Issuer: OU = openshift, CN = root-ca
Validity
Not Before: Apr 5 18:12:59 2021 GMT
Not After : Apr 3 18:13:34 2031 GMT
Subject: O = OpenShift Bootstrap, CN = journal-gatewayd
kube-apiserver-complete-client-ca-bundle.crt
Issuer: OU = openshift, CN = admin-kubeconfig-signer
Validity
Not Before: Apr 5 18:13:31 2021 GMT
Not After : Apr 3 18:13:31 2031 GMT
Subject: OU = openshift, CN = admin-kubeconfig-signer
kube-apiserver-complete-server-ca-bundle.crt
Issuer: OU = openshift, CN = kube-apiserver-localhost-signer
Validity
Not Before: Apr 5 18:13:32 2021 GMT
Not After : Apr 3 18:13:32 2031 GMT
Subject: OU = openshift, CN = kube-apiserver-localhost-signer
kube-apiserver-internal-lb-server.crt (24 hours)
Issuer: OU = openshift, CN = kube-apiserver-lb-signer
Validity
Not Before: Apr 5 18:13:32 2021 GMT
Not After : Apr 6 18:13:35 2021 GMT
Subject: O = kube-master, CN = system:kube-apiserver
kube-apiserver-lb-ca-bundle.crt
Issuer: OU = openshift, CN = kube-apiserver-lb-signer
Validity
Not Before: Apr 5 18:13:32 2021 GMT
Not After : Apr 3 18:13:32 2031 GMT
Subject: OU = openshift, CN = kube-apiserver-lb-signer
kube-apiserver-lb-server.crt (24 hours)
Issuer: OU = openshift, CN = kube-apiserver-lb-signer
Validity
Not Before: Apr 5 18:13:32 2021 GMT
Not After : Apr 6 18:13:34 2021 GMT
Subject: O = kube-master, CN = system:kube-apiserver
kube-apiserver-lb-signer.crt
Issuer: OU = openshift, CN = kube-apiserver-lb-signer
Validity
Not Before: Apr 5 18:13:32 2021 GMT
Not After : Apr 3 18:13:32 2031 GMT
Subject: OU = openshift, CN = kube-apiserver-lb-signer
kube-apiserver-localhost-ca-bundle.crt
Issuer: OU = openshift, CN = kube-apiserver-localhost-signer
Validity
Not Before: Apr 5 18:13:32 2021 GMT
Not After : Apr 3 18:13:32 2031 GMT
Subject: OU = openshift, CN = kube-apiserver-localhost-signer
kube-apiserver-localhost-server.crt (24 hours)
Issuer: OU = openshift, CN = kube-apiserver-localhost-signer
Validity
Not Before: Apr 5 18:13:32 2021 GMT
Not After : Apr 6 18:13:35 2021 GMT
Subject: O = kube-master, CN = system:kube-apiserver
kube-apiserver-localhost-signer.crt
Issuer: OU = openshift, CN = kube-apiserver-localhost-signer
Validity
Not Before: Apr 5 18:13:32 2021 GMT
Not After : Apr 3 18:13:32 2031 GMT
Subject: OU = openshift, CN = kube-apiserver-localhost-signer
kube-apiserver-service-network-ca-bundle.crt
Issuer: OU = openshift, CN = kube-apiserver-service-network-signer
Validity
Not Before: Apr 5 18:13:32 2021 GMT
Not After : Apr 3 18:13:32 2031 GMT
Subject: OU = openshift, CN = kube-apiserver-service-network-signer
kube-apiserver-service-network-server.crt (24 hours)
Issuer: OU = openshift, CN = kube-apiserver-service-network-signer
Validity
Not Before: Apr 5 18:13:32 2021 GMT
Not After : Apr 6 18:13:35 2021 GMT
Subject: O = kube-master, CN = system:kube-apiserver
kube-apiserver-service-network-signer.crt
Issuer: OU = openshift, CN = kube-apiserver-service-network-signer
Validity
Not Before: Apr 5 18:13:32 2021 GMT
Not After : Apr 3 18:13:32 2031 GMT
Subject: OU = openshift, CN = kube-apiserver-service-network-signer
kube-apiserver-to-kubelet-ca-bundle.crt (1 year)
Issuer: OU = openshift, CN = kube-apiserver-to-kubelet-signer
Validity
Not Before: Apr 5 18:13:36 2021 GMT
Not After : Apr 5 18:13:36 2022 GMT
Subject: OU = openshift, CN = kube-apiserver-to-kubelet-signer
kube-apiserver-to-kubelet-client.crt (1 year)
Issuer: OU = openshift, CN = kube-apiserver-to-kubelet-signer
Validity
Not Before: Apr 5 18:13:36 2021 GMT
Not After : Apr 5 18:13:36 2022 GMT
Subject: O = kube-master, CN = system:kube-apiserver
kube-apiserver-to-kubelet-signer.crt (1 year)
Issuer: OU = openshift, CN = kube-apiserver-to-kubelet-signer
Validity
Not Before: Apr 5 18:13:36 2021 GMT
Not After : Apr 5 18:13:36 2022 GMT
Subject: OU = openshift, CN = kube-apiserver-to-kubelet-signer
kube-control-plane-ca-bundle.crt (1 year)
Issuer: OU = openshift, CN = kube-control-plane-signer
Validity
Not Before: Apr 5 18:13:36 2021 GMT
Not After : Apr 5 18:13:36 2022 GMT
Subject: OU = openshift, CN = kube-control-plane-signer
kube-control-plane-kube-controller-manager-client.crt (1 year)
Issuer: OU = openshift, CN = kube-control-plane-signer
Validity
Not Before: Apr 5 18:13:36 2021 GMT
Not After : Apr 5 18:13:36 2022 GMT
Subject: O = system:masters, CN = system:admin
kube-control-plane-kube-scheduler-client.crt (1 year)
Issuer: OU = openshift, CN = kube-control-plane-signer
Validity
Not Before: Apr 5 18:13:36 2021 GMT
Not After : Apr 5 18:13:37 2022 GMT
Subject: O = system:masters, CN = system:admin
kube-control-plane-signer.crt (1 year)
Issuer: OU = openshift, CN = kube-control-plane-signer
Validity
Not Before: Apr 5 18:13:36 2021 GMT
Not After : Apr 5 18:13:36 2022 GMT
Subject: OU = openshift, CN = kube-control-plane-signer
kubelet-bootstrap-kubeconfig-ca-bundle.crt
Issuer: OU = openshift, CN = kubelet-bootstrap-kubeconfig-signer
Validity
Not Before: Apr 5 18:13:33 2021 GMT
Not After : Apr 3 18:13:33 2031 GMT
Subject: OU = openshift, CN = kubelet-bootstrap-kubeconfig-signer
kubelet-client-ca-bundle.crt (24 hours)
Issuer: OU = openshift, CN = kubelet-signer
Validity
Not Before: Apr 5 18:13:35 2021 GMT
Not After : Apr 6 18:13:35 2021 GMT
Subject: OU = openshift, CN = kubelet-signer
kubelet-client.crt
Issuer: OU = openshift, CN = kubelet-bootstrap-kubeconfig-signer
Validity
Not Before: Apr 5 18:13:33 2021 GMT
Not After : Apr 3 18:13:33 2031 GMT
Subject: O = system:serviceaccounts:openshift-machine-config-operator, CN = system:serviceaccount:openshift-machine-config-operator:node-bootstrapper
kubelet-serving-ca-bundle.crt (24 hours)
Issuer: OU = openshift, CN = kubelet-signer
Validity
Not Before: Apr 5 18:13:35 2021 GMT
Not After : Apr 6 18:13:35 2021 GMT
Subject: OU = openshift, CN = kubelet-signer
kubelet-signer.crt (24 hours)
Issuer: OU = openshift, CN = kubelet-signer
Validity
Not Before: Apr 5 18:13:35 2021 GMT
Not After : Apr 6 18:13:35 2021 GMT
Subject: OU = openshift, CN = kubelet-signer
machine-config-server.crt
Issuer: OU = openshift, CN = root-ca
Validity
Not Before: Apr 5 18:12:59 2021 GMT
Not After : Apr 3 18:13:00 2031 GMT
Subject: CN = system:machine-config-server
root-ca.crt
Issuer: OU = openshift, CN = root-ca
Validity
Not Before: Apr 5 18:12:59 2021 GMT
Not After : Apr 3 18:12:59 2031 GMT
Subject: OU = openshift, CN = root-ca