.TH "OPENSHIFT ADMIN" "1" " Openshift CLI User Manuals" "Openshift" "June 2016" "" .SH NAME .PP openshift admin create\-server\-cert \- .SH SYNOPSIS .PP \fBopenshift admin create\-server\-cert\fP [OPTIONS] .SH DESCRIPTION .PP Create a key and server certificate .PP Create a key and server certificate valid for the specified hostnames, signed by the specified CA. These are useful for securing infrastructure components such as the router, authentication server, etc. .PP Example: Creating a secure router certificate. .PP CA=openshift.local.config/master openshift admin create\-server\-cert \-\-signer\-cert=$CA/ca.crt \\ \-\-signer\-key=$CA/ca.key \-\-signer\-serial=$CA/ca.serial.txt \\ \-\-hostnames='*.cloudapps.example.com' \\ \-\-cert=cloudapps.crt \-\-key=cloudapps.key cat cloudapps.crt cloudapps.key $CA/ca.crt > cloudapps.router.pem .SH OPTIONS .PP \fB\-\-cert\fP="" The certificate file. Choose a name that indicates what the service is. .PP \fB\-\-expire\-days\fP=730 Validity of the certificate in days (defaults to 2 years). WARNING: extending this above default value is highly discouraged. .PP \fB\-\-hostnames\fP=[] Every hostname or IP you want server certs to be valid for. Comma delimited list .PP \fB\-\-key\fP="" The key file. Choose a name that indicates what the service is. .PP \fB\-\-overwrite\fP=true Overwrite existing cert files if found. If false, any existing file will be left as\-is. .PP \fB\-\-signer\-cert\fP="openshift.local.config/master/ca.crt" The certificate file. .PP \fB\-\-signer\-key\fP="openshift.local.config/master/ca.key" The key file. .PP \fB\-\-signer\-serial\fP="openshift.local.config/master/ca.serial.txt" The serial file that keeps track of how many certs have been signed. .SH OPTIONS INHERITED FROM PARENT COMMANDS .PP \fB\-\-api\-version\fP="" DEPRECATED: The API version to use when talking to the server .PP \fB\-\-as\fP="" Username to impersonate for the operation .PP \fB\-\-certificate\-authority\fP="" Path to a cert. file for the certificate authority .PP \fB\-\-client\-certificate\fP="" Path to a client certificate file for TLS .PP \fB\-\-client\-key\fP="" Path to a client key file for TLS .PP \fB\-\-cluster\fP="" The name of the kubeconfig cluster to use .PP \fB\-\-config\fP="" Path to the config file to use for CLI requests. .PP \fB\-\-context\fP="" The name of the kubeconfig context to use .PP \fB\-\-google\-json\-key\fP="" The Google Cloud Platform Service Account JSON Key to use for authentication. .PP \fB\-\-insecure\-skip\-tls\-verify\fP=false If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure .PP \fB\-\-log\-flush\-frequency\fP=0 Maximum number of seconds between log flushes .PP \fB\-\-match\-server\-version\fP=false Require server version to match client version .PP \fB\-n\fP, \fB\-\-namespace\fP="" If present, the namespace scope for this CLI request .PP \fB\-\-request\-timeout\fP="0" The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. .PP \fB\-\-server\fP="" The address and port of the Kubernetes API server .PP \fB\-\-token\fP="" Bearer token for authentication to the API server .PP \fB\-\-user\fP="" The name of the kubeconfig user to use .SH SEE ALSO .PP \fBopenshift\-admin(1)\fP, .SH HISTORY .PP June 2016, Ported from the Kubernetes man\-doc generator