openssl genpkey -algorithm RSA -out mip_private_key.pem openssl req -new -key mip_private_key.pem -out mip_csr.pem openssl x509 -req -days 365 -in mip_csr.pem -signkey mip_private_key.pem -out mip_certificate.pem mip_certificate.pem ÆÄÀÏÀ» µî·ÏÇÏ¸é µÊ. https://blog.naver.com/PostView.nhn?blogId=simjin1984&logNo=60096310704 https://blog.naver.com/PostView.nhn?blogId=techshare&logNo=222310287349 ÀÎÁõ¼­ °ü·Ã(CER, PVK, SPC, PFX) ÆÄÀÏ ¸¸µå´Â ¹æ¹ý ; https://www.sysnet.pe.kr/2/0/863 JKS(Java Key Store)¿¡ ÀúÀåµÈ ÀÎÁõ¼­¸¦ ActiveX ÄÚµå ¼­¸í¿¡ »ç¿ëÇÏ´Â ¹æ¹ý ; https://www.sysnet.pe.kr/2/0/882 .keystore ÆÄÀÏ¿¡ ÀúÀåµÈ °³ÀÎŰ ÃßÃâ¹æ¹ý°ú ÀÎÁõ±â°üÀ¸·ÎºÎÅÍ ¿Â °ø°³Å°¸¦ ÇÕÄ£ pfx ÆÄÀÏ ¸¸µå´Â ¹æ¹ý ; https://www.sysnet.pe.kr/2/0/1262 Docker Desktop for Windows - kubectl proxy ¾øÀÌ k8s ´ë½Ãº¸µå Á¢±Ù ¹æ¹ý ; https://www.sysnet.pe.kr/2/0/12593#cert https://learn.microsoft.com/ko-kr/dotnet/core/additional-tools/self-signed-certificates-guide ¿ìºÐÅõ ¼Ð¿¡¼­ ¸í·É¾î ½ÇÇà PARENT="mip_gateway" openssl req \ -x509 \ -newkey rsa:4096 \ -sha256 \ -days 999999 \ -nodes \ -keyout $PARENT.key \ -out $PARENT.crt \ -subj "/CN=${PARENT}" \ -extensions v3_ca \ -extensions v3_req \ -config <( \ echo '[req]'; \ echo 'default_bits= 4096'; \ echo 'distinguished_name=req'; \ echo 'x509_extension = v3_ca'; \ echo 'req_extensions = v3_req'; \ echo '[v3_req]'; \ echo 'basicConstraints = CA:FALSE'; \ echo 'keyUsage = nonRepudiation, digitalSignature, keyEncipherment'; \ echo 'subjectAltName = @alt_names'; \ echo '[ alt_names ]'; \ echo "DNS.1 = www.${PARENT}"; \ echo "DNS.2 = ${PARENT}"; \ echo '[ v3_ca ]'; \ echo 'subjectKeyIdentifier=hash'; \ echo 'authorityKeyIdentifier=keyid:always,issuer'; \ echo 'basicConstraints = critical, CA:TRUE, pathlen:0'; \ echo 'keyUsage = critical, cRLSign, keyCertSign'; \ echo 'extendedKeyUsage = serverAuth, clientAuth') openssl x509 -noout -text -in $PARENT.crt openssl pkcs12 -export -out $PARENT.pfx -inkey $PARENT.key -in $PARENT.crt Import-Certificate -FilePath mip_gateway.crt -CertStoreLocation 'Cert:\LocalMachine\Root'