Difference between revisions of "X.509"

From wikieduonline
Jump to navigation Jump to search
Line 25: Line 25:
 
* [[Vault]]
 
* [[Vault]]
 
* [[Kubernetes]] [[cert-manager]]
 
* [[Kubernetes]] [[cert-manager]]
* <code>E1207 14:22:57.502748      1 scraper.go:140] "[[Failed to scrape node]]" err="Get \"https://172.30.2.2:10250/metrics/resource\": [[x509]]: cannot [[validate certificate]] for 172.30.2.2 because it doesn't contain any IP SANs" node="node01"</code>
+
* <code>E1207 14:22:57.502748      1 scraper.go:140] "[[Failed to scrape node]]" err="Get \"https://172.30.2.2:10250/metrics/resource\": [[x509]]: [[cannot validate certificate]] for 172.30.2.2 because it doesn't contain any IP SANs" node="node01"</code>
  
 
== See also ==
 
== See also ==

Revision as of 14:25, 7 December 2022

wikipedia:X.509 standard format for Public key certificate used in TLS.

Tools: openssl, keytool, certinfo (Cloudflare) https://github.com/cloudflare/cfssl/blob/master/certinfo/certinfo.go[1]


Examples

  • openssl x509 -inform pem -noout -text
  • openssl x509 -noout -text -in /path/to/your/cert.pem
  • keytool -printcert -file certificate.pem

Errors

  • Error response from daemon: Get https://URL/: x509: certificate signed by unknown authority

Security

  • ASN.1 and x509 parsers in the kernel have historically been quite problematic (CVE-2008-1673, CVE-2016-2053),

Activities

Related terms

See also

  • https://prefetch.net/blog/2019/12/10/converting-x509-certificates-to-json-objects/
  • Advertising: