1. origin
  2. docs
  3. man
  4. man1
  5. openshift-admin-create-server-cert.1
Raw Blame History 
.TH "OPENSHIFT ADMIN" "1" " Openshift CLI User Manuals" "Openshift" "June 2016"  ""


.SH NAME
.PP
openshift admin create\-server\-cert \-


.SH SYNOPSIS
.PP
\fBopenshift admin create\-server\-cert\fP [OPTIONS]


.SH DESCRIPTION
.PP
Create a key and server certificate

.PP
Create a key and server certificate valid for the specified hostnames, signed by the specified CA. These are useful for securing infrastructure components such as the router, authentication server, etc.

.PP
Example: Creating a secure router certificate.

.PP
CA=openshift.local.config/master
      openshift admin create\-server\-cert \-\-signer\-cert=$CA/ca.crt \\
            \-\-signer\-key=$CA/ca.key \-\-signer\-serial=$CA/ca.serial.txt \\
            \-\-hostnames='*.cloudapps.example.com' \\
            \-\-cert=cloudapps.crt \-\-key=cloudapps.key
  cat cloudapps.crt cloudapps.key $CA/ca.crt > cloudapps.router.pem


.SH OPTIONS
.PP
\fB\-\-cert\fP=""
    The certificate file. Choose a name that indicates what the service is.

.PP
\fB\-\-expire\-days\fP=730
    Validity of the certificate in days (defaults to 2 years). WARNING: extending this above default value is highly discouraged.

.PP
\fB\-\-hostnames\fP=[]
    Every hostname or IP you want server certs to be valid for. Comma delimited list

.PP
\fB\-\-key\fP=""
    The key file. Choose a name that indicates what the service is.

.PP
\fB\-\-overwrite\fP=true
    Overwrite existing cert files if found.  If false, any existing file will be left as\-is.

.PP
\fB\-\-signer\-cert\fP="openshift.local.config/master/ca.crt"
    The certificate file.

.PP
\fB\-\-signer\-key\fP="openshift.local.config/master/ca.key"
    The key file.

.PP
\fB\-\-signer\-serial\fP="openshift.local.config/master/ca.serial.txt"
    The serial file that keeps track of how many certs have been signed.


.SH OPTIONS INHERITED FROM PARENT COMMANDS
.PP
\fB\-\-api\-version\fP=""
    DEPRECATED: The API version to use when talking to the server

.PP
\fB\-\-as\fP=""
    Username to impersonate for the operation

.PP
\fB\-\-certificate\-authority\fP=""
    Path to a cert. file for the certificate authority

.PP
\fB\-\-client\-certificate\fP=""
    Path to a client certificate file for TLS

.PP
\fB\-\-client\-key\fP=""
    Path to a client key file for TLS

.PP
\fB\-\-cluster\fP=""
    The name of the kubeconfig cluster to use

.PP
\fB\-\-config\fP=""
    Path to the config file to use for CLI requests.

.PP
\fB\-\-context\fP=""
    The name of the kubeconfig context to use

.PP
\fB\-\-google\-json\-key\fP=""
    The Google Cloud Platform Service Account JSON Key to use for authentication.

.PP
\fB\-\-insecure\-skip\-tls\-verify\fP=false
    If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

.PP
\fB\-\-log\-flush\-frequency\fP=0
    Maximum number of seconds between log flushes

.PP
\fB\-\-match\-server\-version\fP=false
    Require server version to match client version

.PP
\fB\-n\fP, \fB\-\-namespace\fP=""
    If present, the namespace scope for this CLI request

.PP
\fB\-\-request\-timeout\fP="0"
    The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

.PP
\fB\-\-server\fP=""
    The address and port of the Kubernetes API server

.PP
\fB\-\-token\fP=""
    Bearer token for authentication to the API server

.PP
\fB\-\-user\fP=""
    The name of the kubeconfig user to use


.SH SEE ALSO
.PP
\fBopenshift\-admin(1)\fP,


.SH HISTORY
.PP
June 2016, Ported from the Kubernetes man\-doc generator