Ceci Ivanov:
what is the difference between
openssl req -new -key and
openssl req -x509 -new -key ?
Alistair Mackay:
openssl req -new -key
is part of the command to generate a Certificate Signing Request using a key generated with the openssl genrsa command. A CSR can then be sent to a certificate authority to obtain a certificate. This is part of the procedure to get a cert for use in your kubeconfig file.
openssl req -x509 -new -key
is part of the command to generate a Self Signed Certificate directly from the key, whilst skipping the CSR phase. It might be used to create a CA certificate for a new cluster.
Ceci Ivanov:
thank you