Merge pull request #67910 from liztio/cert-renewal

Automatic merge from submit-queue (batch tested with PRs 64283, 67910, 67803, 68100). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md. Kubeadm Cert Renewal **What this PR does / why we need it**: adds explicit support for renewal of certificates via command **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes kubernetes/kubeadm#206 **Special notes for your reviewer**: The targeted documentation is at kubernetes/website#9712 **Release note**: ```release-note Adds the commands `kubeadm alpha phases renew <cert-name>` ``` Kubernetes-commit: 17dde46baebe0b67421132af7b99b42d89ea4cd0
2025-06-26 23:17:34 +00:00 · 2018-08-31 16:46:37 -07:00 · 2018-08-31 16:46:37 -07:00 · ec724c24d1
commit ec724c24d1
parent 87935b98dd 22e1ddcc48
2 changed files with 85 additions and 84 deletions
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@ -272,335 +272,335 @@
 		},
 		{
 			"ImportPath": "k8s.io/api/admissionregistration/v1alpha1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/admissionregistration/v1beta1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1beta1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1beta2",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/authentication/v1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/authentication/v1beta1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/authorization/v1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/authorization/v1beta1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v2beta1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v2beta2",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v1beta1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v2alpha1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/certificates/v1beta1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/coordination/v1beta1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/core/v1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/events/v1beta1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/extensions/v1beta1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/imagepolicy/v1alpha1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/networking/v1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/policy/v1beta1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1alpha1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1beta1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/scheduling/v1alpha1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/scheduling/v1beta1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/settings/v1alpha1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1alpha1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1beta1",
-			"Rev": "d150a58332329a1cd3e80959b04f5487a8be7149"
+			"Rev": "fcb01e9febf3e72ae9b6eff41f2d02ffdea4dda1"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/apitesting",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/apitesting/fuzzer",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/apitesting/roundtrip",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/equality",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/errors",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/meta",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/resource",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/fuzzer",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/internalversion",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1beta1",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/conversion",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/conversion/queryparams",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/fields",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/labels",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/schema",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/json",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/protobuf",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/recognizer",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/streaming",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/versioning",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/selection",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/types",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/cache",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/clock",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/diff",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/errors",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/framer",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/httpstream",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/httpstream/spdy",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/intstr",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/json",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/mergepatch",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/naming",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/net",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/remotecommand",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/runtime",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/sets",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/strategicpatch",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/validation",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/validation/field",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/wait",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/yaml",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/version",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/watch",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/json",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/netutil",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/reflect",
-			"Rev": "c6b66c9c507abbefa93ad83f7fe8c9b52ca1ae30"
+			"Rev": "7022e8e5e6f8d55cdc303669184073a493482496"
 		},
 		{
 			"ImportPath": "k8s.io/kube-openapi/pkg/util/proto",
--- a/util/cert/cert.go
+++ b/util/cert/cert.go
@ -20,6 +20,7 @@ import (
 	"bytes"
 	"crypto/ecdsa"
 	"crypto/elliptic"
+	"crypto/rand"
 	cryptorand "crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
@ -87,7 +88,7 @@ func NewSelfSignedCACert(cfg Config, key *rsa.PrivateKey) (*x509.Certificate, er

 // NewSignedCert creates a signed certificate using the given CA certificate and key
 func NewSignedCert(cfg Config, key *rsa.PrivateKey, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, error) {
-	serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64))
+	serial, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64))
 	if err != nil {
 		return nil, err
 	}