Closed whg517 closed 1 month ago
Certificate abstract:
keystore.p12 with keytool
keytool -v -list -storetype pkcs12 -keystore keystore.p12
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: 1
Creation date: Sep 10, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner:
Issuer: CN=secret-operator self-signed CA
Serial number: 83405e84b11c10b2
Valid from: Tue Sep 10 03:58:02 GMT 2024 until: Tue Sep 10 13:58:02 GMT 2024
Certificate fingerprints:
SHA1: 6A:D0:EE:97:D8:D6:A1:B7:50:11:07:C2:63:9F:6B:70:CF:96:EE:D3
SHA256: 18:DB:A5:A5:B6:FC:2C:54:B9:52:AD:0B:DB:03:EA:6F:7E:94:72:C2:CC:C0:DD:E5:77:28:F2:2D:B4:02:22:41
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 10 C0 0F 30 DA 5C CD 08 DD 96 D7 14 43 3F 17 FA ...0.\......C?..
0010: 49 DB ED 04 FF 3F 56 6A 45 37 86 75 ED E0 40 92 I....?VjE7.u..@.
]
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
#3: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
serverAuth
]
#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
#5: ObjectId: 2.5.29.17 Criticality=true
SubjectAlternativeName [
DNSName: zookeeper-operator-1.27.11-control-plane
DNSName: zookeepercluster-sample-server-default.chainsaw-wise-shark.svc.cluster.local
DNSName: zookeepercluster-sample-server-default-0.zookeepercluster-sample-server-default.chainsaw-wise-shark.svc.cluster.local
IPAddress: 172.18.0.2
]
#6: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: BA 80 EE 18 E4 65 E1 F2 A1 E1 C7 B0 AB 01 57 C0 .....e........W.
0010: 5A CA 2A 80 10 62 D0 BE 16 0F 0C 5B C5 08 11 2C Z.*..b.....[...,
]
]
Certificate[2]:
Owner: CN=secret-operator self-signed CA
Issuer: CN=secret-operator self-signed CA
Serial number: ba8b0d6effedf6b1
Valid from: Tue Sep 10 03:58:02 GMT 2024 until: Fri Sep 08 03:58:01 GMT 2034
Certificate fingerprints:
SHA1: 16:A9:51:78:F5:4B:E3:33:53:87:C3:94:D1:65:E3:80:91:68:9A:60
SHA256: A4:10:D3:F2:92:0E:D9:7A:B3:E8:C4:65:B3:07:B6:8D:D1:29:6B:C8:E2:10:B4:76:E0:A7:B1:68:4F:B1:89:C6
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 10 C0 0F 30 DA 5C CD 08 DD 96 D7 14 43 3F 17 FA ...0.\......C?..
0010: 49 DB ED 04 FF 3F 56 6A 45 37 86 75 ED E0 40 92 I....?VjE7.u..@.
]
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
Key_CertSign
Crl_Sign
]
#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 10 C0 0F 30 DA 5C CD 08 DD 96 D7 14 43 3F 17 FA ...0.\......C?..
0010: 49 DB ED 04 FF 3F 56 6A 45 37 86 75 ED E0 40 92 I....?VjE7.u..@.
]
]
*******************************************
*******************************************
truststore.p12 with keytool
[kubedoop@zookeepercluster-sample-server-default-0 quorum_tls]$ keytool -v -list -storetype pkcs12 -keystore truststore.p12
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: cn=secret-operator self-signed ca
Creation date: Sep 10, 2024
Entry type: trustedCertEntry
Owner: CN=secret-operator self-signed CA
Issuer: CN=secret-operator self-signed CA
Serial number: ba8b0d6effedf6b1
Valid from: Tue Sep 10 03:58:02 GMT 2024 until: Fri Sep 08 03:58:01 GMT 2034
Certificate fingerprints:
SHA1: 16:A9:51:78:F5:4B:E3:33:53:87:C3:94:D1:65:E3:80:91:68:9A:60
SHA256: A4:10:D3:F2:92:0E:D9:7A:B3:E8:C4:65:B3:07:B6:8D:D1:29:6B:C8:E2:10:B4:76:E0:A7:B1:68:4F:B1:89:C6
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 10 C0 0F 30 DA 5C CD 08 DD 96 D7 14 43 3F 17 FA ...0.\......C?..
0010: 49 DB ED 04 FF 3F 56 6A 45 37 86 75 ED E0 40 92 I....?VjE7.u..@.
]
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
Key_CertSign
Crl_Sign
]
#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 10 C0 0F 30 DA 5C CD 08 DD 96 D7 14 43 3F 17 FA ...0.\......C?..
0010: 49 DB ED 04 FF 3F 56 6A 45 37 86 75 ED E0 40 92 I....?VjE7.u..@.
]
]
*******************************************
*******************************************
by openssl
keystore.p12 with openssl
openssl pkcs12 -in keystore.p12 -nodes | openssl x509 -text -noout
Enter Import Password:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
83:40:5e:84:b1:1c:10:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = secret-operator self-signed CA
Validity
Not Before: Sep 10 03:58:02 2024 GMT
Not After : Sep 10 13:58:02 2024 GMT
Subject:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
BA:80:EE:18:E4:65:E1:F2:A1:E1:C7:B0:AB:01:57:C0:5A:CA:2A:80:10:62:D0:BE:16:0F:0C:5B:C5:08:11:2C
X509v3 Authority Key Identifier:
10:C0:0F:30:DA:5C:CD:08:DD:96:D7:14:43:3F:17:FA:49:DB:ED:04:FF:3F:56:6A:45:37:86:75:ED:E0:40:92
X509v3 Subject Alternative Name: critical
DNS:zookeeper-operator-1.27.11-control-plane, DNS:zookeepercluster-sample-server-default.chainsaw-wise-shark.svc.cluster.local, DNS:zookeepercluster-sample-server-default-0.zookeepercluster-sample-server-default.chainsaw-wise-shark.svc.cluster.local, IP Address:172.18.0.2
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
truststore.p12 with openssl
$ openssl pkcs12 -in truststore.p12 -nodes | openssl x509 -text -noout
Enter Import Password:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ba:8b:0d:6e:ff:ed:f6:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = secret-operator self-signed CA
Validity
Not Before: Sep 10 03:58:02 2024 GMT
Not After : Sep 8 03:58:01 2034 GMT
Subject: CN = secret-operator self-signed CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
10:C0:0F:30:DA:5C:CD:08:DD:96:D7:14:43:3F:17:FA:49:DB:ED:04:FF:3F:56:6A:45:37:86:75:ED:E0:40:92
X509v3 Authority Key Identifier:
10:C0:0F:30:DA:5C:CD:08:DD:96:D7:14:43:3F:17:FA:49:DB:ED:04:FF:3F:56:6A:45:37:86:75:ED:E0:40:92
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
Describe the bug
zk cluster:
zk operator log is fine.
zk log:
System Info
Severity
Blocking usage of operator