I can't find the proper steps / commands in <http://kubernetes.io|kubernetes.io . . .

Manoj GR:
I can’t find the proper steps / commands in http://kubernetes.io|kubernetes.io to generate a public key and private key for CA and also to sign the certificates. Can anyone tell me how to find that ?

Mani:
openssl genrsa -out myuser.key 2048 ----> for pvt key
openssl req -new -key myuser.key -out myuser.csr -----> for csr with the help of pvt key

Manoj GR:
Thanks @Mani

Sambasiva Rao:
openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt --> cmd to sign certificate

Manoj GR:
Thanks @Sambasiva Rao

Manoj GR:
How do we renew the expired TLS certificates?

Sidd:
@Mani are these commands available on k8s docs?

Mani:
It’s available here https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers

Mani:
Once TLS expired, we have to create csr object using the .csr file that we generated using the above commands and apporve it using the command
#kubectl certificate approve <csr object name>