Generate certificates for OpenResty Edge components

You can follow the steps below to generate a server certificate for OpenResty Edge components.

Download the script

curl -O https://openresty.com/client/oredge/openresty-edge-gen-cert.sh

Generate CA

  • Run the script
bash openresty-edge-gen-cert.sh
  • Enter number 1
--- Welcome to OpenResty Inc's Cert tool ---

[1] Generate a certificate authority (CA)
[2] Generate server certificate for OpenResty Edge administrator
[3] Generate server certificate for OpenResty Edge log server
[4] Generate server certificate
What do you want to do? [1-4]:1
You have selected: Generate Certificate Authority (CA).
  • Follow the prompts and enter: country, province, city
Please enter the country name (2 letter code). China
Please enter the name of the country or province (full name). Province name
Please enter the city name (full name). City name
  • The script will print the certificate details and storage path after the successful generation
Generate CA certificate...
Generate edge_ca.crt successfully.
Certificate.
    Data.
        Version: 3 (0x2)
        Sequence number.
            c7:76:e6:11:6c:b4:22:05
    Signature algorithm: ecdsa-with-SHA256
    ...

[!] The result will be stored in the directory. /tmp/edge-cert-tool-result-xxxxxx

Generate Admin certificate

  • Run the script
bash openresty-edge-gen-cert.sh
  • Enter number 2
--- Welcome to OpenResty Inc's Cert tool ---

[1] Generate certificate authority (CA)
[2] Generate server certificate for OpenResty Edge administrator
[3] Generate server certificate for OpenResty Edge log server
[4] Generate server certificate
What do you want to do? [1-4]:2
You have selected: Generate server certificate for OpenResty Edge administrator.
  • Follow the prompts and enter: CA certificate path, country, province, city, certificate domain
Please enter the CA certificate file path: /tmp/edge-cert-tool-result-xxxxxx
Please enter the name of the country (2 letter code). cn
Please input the name of state or province (full name). Province name
Please input city name (full name). City Name
Please enter the domain name or wildcard domain name: *.admin.test.com
  • The script will print certificate details and storage path after successful generation
Generating edge_admin certificate...
Signature determination
subject=/C=CN/ST=Provincename/L=Cityname/O=OpenResty Inc/CN=*.admin.test.com
Obtain CA private key
The edge_admin.crt was successfully generated.
Certificate.
    Data.
        Version: 3 (0x2)
        Sequence number.
            e9:d3:ba:3b:e8:6a:df:11
    Signature algorithm: ecdsa-with-SHA256
    ...

[!] The result will be stored in the directory. /tmp/edge-cert-tool-result-xxxxxx

Generate Log Server certificate

  • Run the script
bash openresty-edge-gen-cert.sh
  • Enter number 3
--- Welcome to OpenResty Inc's Cert tool ---

[1] Generate certificate authority (CA)
[2] Generate server certificate for OpenResty Edge administrator
[3] Generate server certificate for OpenResty Edge log server
[4] Generate server certificate
What do you want to do? [1-4]:3
You have selected: Generate Server Certificate for OpenResty Edge Log Server.
  • Follow the prompts to enter: CA certificate path, country, province, city, certificate domain name
Please input the file path of CA certificate: /tmp/edge-cert-tool-result-xxxxxx/edge_ca.crt
Please enter the file path of CA key: /tmp/edge-certol-result-xxxxxx/edge_ca.key
Please enter the country name (2 letter code). China
Please enter the name of the state or province (full name). Province name
Please enter the city name (full name). City name
Please enter the domain name or wildcard domain name: my.logserver.test.com

For the CA certificate and key, you can specify a folder instead of a specific file like the previously generated Edge Admin certificate.

  • The script will print the certificate details and the storage path after successful generation
Generate certificate for edge_log_server...
sign ok
subject=/C=CN/ST=Provincename/L=Cityname/O=OpenResty Inc/CN=my.logserver.test.com
Obtain CA private key
The edge_log_server.crt was successfully generated.
Certificate.
    Data.
        Version: 3 (0x2)
        Sequence number.
            e9:d3:ba:3b:e8:6a:df:12
    Signature algorithm: ecdsa-with-SHA256
    ...

[!] The result will be stored in the directory. /tmp/edge-cert-tool-result-xxxxxx