Estimated Reading time: 3 minutes | Last modified: 2024-10-12, 6:55:35 pm

App Certificate

SSL certificates are essential for protecting data transmission between websites and users, preventing data from being intercepted or tampered with by third parties. On your application’s SSL page, you can grant a global certificate for the entire application or add a specific SSL certificate by clicking the Add Certificate button.

Certificate Overview

Adding an Application Certificate

You can add an SSL certificate to your application by following these steps:

  1. Click the Add Certificate button.

Add Certificate

  1. Choose the certificate addition method:

    • Manual Upload: Upload your existing SSL private key and server certificate
    • Let’s Encrypt: Apply online for a free certificate issued by Let’s Encrypt
    • Generic ACME Issuer: Generate a certificate using other certificate issuers compliant with the ACME protocol
    • Global Certificate: Use a global certificate already configured in the system

  2. Configure client certificate requirements:

    • Yes: Enforce client certificate requirement
    • No: Do not require a client certificate
    • Optional: Flexibly control through the “Enable SSL Client Verify” action in page rules

  3. Set whether to make this certificate the default. The system will use the default certificate when a request cannot be matched to a specific certificate.

Manually Uploading a Certificate

Manual Certificate Upload

When choosing to upload an existing certificate manually, you can:

  • Directly upload certificate files or paste file contents.
  • Split the Server Certificate into two parts for upload: CA certification chain and server certificate, or combine both in the Server Certificate field.

Automatically Issuing Certificates Using Let’s Encrypt

Let’s Encrypt Certificate

Before using this method, please ensure your domain DNS is correctly resolved and points to your Edge Node gateway server.

Automatically Issuing Certificates Using Other ACME Issuers

ACME Certificate

Before using this method, you need to:

  1. Ensure that your domain DNS is correctly resolved and points to your Edge Node gateway server.
  2. Add information about certificate issuers such as ZeroSSL in the OpenResty Edge system.

ACME Issuer

Referencing Global Certificates

To reference a global certificate, follow these steps:

  1. First, create a global certificate.
  2. Assuming the application’s domain is test.com, select the global certificate *.test.com from the certificate dropdown list.
  3. Note: The certificate’s domain must match or cover the application’s domain. Otherwise, certificate validation will fail.

Select Global Certificate

Configuring Multiple ACME Certificates for the Same Domain

By default, OpenResty Edge only allows adding one ACME certificate for a domain. If you need to set up multiple ACME certificates for the same domain, follow these steps:

  1. Edit the configuration file: /usr/local/oredge-admin/conf/config.ini
  2. Add or modify the following configuration:
[acme]
acme_skip_duplicate_check = true

By setting acme_skip_duplicate_check = true, the system will allow multiple ACME certificates to be configured for the same domain.

  1. Restart the service to apply the configuration:
sudo systemctl start upgrade-oredge-admin

With these settings, you can flexibly manage SSL certificates for your applications, enhancing website security and credibility.