2 分鐘閱讀 | 最後修改: 0001-01-01, 0:00:00 am

為 OpenResty Edge 元件生成證書

你可以按照以下步驟來生成用於 OpenResty Edge 元件間通訊的證書。

下載指令碼

curl -O https://openresty.com/client/oredge/openresty-edge-gen-cert.sh

生成 CA

執行指令碼

bash openresty-edge-gen-cert.sh

輸入操作序號 1

--- Welcome to OpenResty Inc Cert tool ---

[1] Generate Certificate Authority(CA)
[2] Generate Server Certificate for OpenResty Edge Admin
[3] Generate Server Certificate for OpenResty Edge Log Server
[4] Generate Server Certificate
What would you like to do? [1-4]:1
What you choose is: Generate Certificate Authority(CA).

根據提示輸入：國家、地區、城市

Please enter Country Name (2 letter code): CN
Please enter State or Province Name (full name): Provincename
Please enter City Name (full name): Cityname

生成成功後將列印證書詳情以及儲存路徑

Generating CA cert...
Successfully generated edge_ca.crt:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c7:76:e6:11:6c:b4:22:05
    Signature Algorithm: ecdsa-with-SHA256
    ...

[!] The results will be stored in directory: /tmp/edge-cert-tool-result-xxxxxx

生成 Admin 證書

執行指令碼

bash openresty-edge-gen-cert.sh

輸入操作序號 2

--- Welcome to OpenResty Inc Cert tool ---

[1] Generate Certificate Authority(CA)
[2] Generate Server Certificate for OpenResty Edge Admin
[3] Generate Server Certificate for OpenResty Edge Log Server
[4] Generate Server Certificate
What would you like to do? [1-4]:2
What you choose is: Generate Server Certificate for OpenResty Edge Admin.

根據提示輸入：CA 證書的路徑、國家、地區、城市、證書域名

Please enter the file path of the CA certificate:/tmp/edge-cert-tool-result-xxxxxx
Please enter Country Name (2 letter code): CN
Please enter State or Province Name (full name): Provincename
Please enter City Name (full name): Cityname
Please enter a domain name or wildcard domain name:*.admin.test.com

生成成功後將列印證書詳情以及儲存路徑

Generating edge_admin cert...
Signature ok
subject=/C=CN/ST=Provincename/L=Cityname/O=OpenResty Inc/CN=*.admin.test.com
Getting CA Private Key
Successfully generated edge_admin.crt:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            e9:d3:ba:3b:e8:6a:df:11
    Signature Algorithm: ecdsa-with-SHA256
    ...

[!] The results will be stored in directory: /tmp/edge-cert-tool-result-xxxxxx

生成 Log Server 證書

執行指令碼

bash openresty-edge-gen-cert.sh

輸入操作序號 3

--- Welcome to OpenResty Inc Cert tool ---

[1] Generate Certificate Authority(CA)
[2] Generate Server Certificate for OpenResty Edge Admin
[3] Generate Server Certificate for OpenResty Edge Log Server
[4] Generate Server Certificate
What would you like to do? [1-4]:3
What you choose is: Generate Server Certificate for OpenResty Edge Log Server.

根據提示輸入：CA 證書的路徑、國家、地區、城市、證書域名

Please enter the file path of the CA certificate:/tmp/edge-cert-tool-result-xxxxxx/edge_ca.crt
Please enter the file path of the CA key:/tmp/edge-cert-tool-result-xxxxxx/edge_ca.key
Please enter Country Name (2 letter code): CN
Please enter State or Province Name (full name): Provincename
Please enter City Name (full name): Cityname
Please enter a domain name or wildcard domain name:my.logserver.test.com

對於指定 CA 證書和秘鑰，你也可以像前面生成 Edge Admin 證書那樣使用資料夾。

生成成功後將列印證書詳情以及儲存路徑

Generating edge_log_server cert...
Signature ok
subject=/C=CN/ST=Provincename/L=Cityname/O=OpenResty Inc/CN=my.logserver.test.com
Getting CA Private Key
Successfully generated edge_log_server.crt:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            e9:d3:ba:3b:e8:6a:df:12
    Signature Algorithm: ecdsa-with-SHA256
    ...

[!] The results will be stored in directory: /tmp/edge-cert-tool-result-xxxxxx

為 OpenResty Edge 元件生成證書

# 下載指令碼

# 生成 CA

# 生成 Admin 證書

# 生成 Log Server 證書

很樂意聽到您的反饋，請與我們聯絡 👋

成功傳送訊息！

下載指令碼

生成 CA

生成 Admin 證書

生成 Log Server 證書