Global Certificate Management
Create a Global Certificate
URI
POST /admin-api/global/1/certs
Request Parameters
label
type: string
required: no
description: Label / note for the certificate
server_cert
type: string
required: no (required when uploading a certificate manually)
description: Contents of the certificate file in PEM format
priv_key
type: string
required: no (required when uploading a certificate manually)
description: Contents of the certificate's private key file in PEM format
cert_chain
type: string
required: no
description: Certificate chain. Usually does not need to be uploaded
client_verify
type: boolean
required: no
description: Whether to use client certificate verification
ca_cert
type: string
required: no (required once client certificate verification is enabled)
description: The CA that issued the client certificates to be verified
acme_host
type: string
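required: no (required when issuing the certificate through ACME)
description: Issue the certificate through an ACME provider. Note that global certificates only support issuing wildcard-domain certificates; to issue a non-wildcard certificate, use an application-level certificate instead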
acme_providers
type: integer
required: no
description: Specifies the id of an ACME provider in the global configuration. If not specified, Let's Encrypt is used by default to issue the certificate
acme_csr_type
type: string
required: no
description: Specifies the encryption algorithm for certificates issued through ACME. Two algorithms are currently supported, rsa and ec; the default is rsa
acme_use_uploaded_key
type: boolean
required: no
description: Whether to use the private key uploaded manually by the user during ACME issuance
acme_takeover
type: boolean
required: no
description: Specifies whether a manually uploaded certificate is renewed by the specified ACME service. The default is false
Request Example
Shell
curl -X POST \
-H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
http://{admin-site}/admin-api/global/1/certs \
-d '{"acme_host":"*.example.com"}'
Response Example
Status: 200 OK
{
"data": {"id": 1},
"status": 0
}
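The conditional "required" rules in the parameter list above can be checked before the request is sent. The following is an added example, not code from the product: the function name build_cert_request and its mode argument ("upload" or "acme") are hypothetical, and the PEM strings in any call are expected to be supplied by the caller.

```python
import json

PEM_CERT = "-----BEGIN CERTIFICATE-----"
PEM_KEY = "PRIVATE KEY-----"

def build_cert_request(mode, **f):
    """Validate fields for POST /admin-api/global/1/certs and return the JSON body.

    mode is a hypothetical helper argument: "upload" or "acme".
    """
    errs = []
    if mode == "upload":
        for name in ("server_cert", "priv_key"):
            if not f.get(name):
                errs.append(f"{name} is required for a manual upload")
    elif mode == "acme":
        if not f.get("acme_host"):
            errs.append("acme_host is required for ACME issuance")
    else:
        errs.append("mode must be 'upload' or 'acme'")
    # Global certificates only support wildcard issuance.
    host = f.get("acme_host")
    if host and not host.startswith("*."):
        errs.append("acme_host must be a wildcard domain for a global certificate")
    if f.get("client_verify") and not f.get("ca_cert"):
        errs.append("ca_cert is required when client_verify is true")
    if f.get("acme_csr_type", "rsa") not in ("rsa", "ec"):
        errs.append("acme_csr_type must be rsa or ec")
    # Certificate fields must hold certificates only: the list response shown
    # on this page includes server_cert, so a key pasted there would be echoed.
    for name in ("server_cert", "cert_chain", "ca_cert"):
        val = f.get(name)
        if val and (PEM_CERT not in val or PEM_KEY in val):
            errs.append(f"{name} must contain PEM certificates and no private key")
    key = f.get("priv_key")
    if key and PEM_KEY not in key:
        errs.append("priv_key must be a PEM private key")
    if errs:
        raise ValueError("; ".join(errs))
    return json.dumps(f)

if __name__ == "__main__":
    print(build_cert_request("acme", acme_host="*.example.com"))
```

The returned string is the body to pass to curl -d in the request example above.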
List Global Certificates
URI
GET /admin-api/global/1/certs
Request Example
Shell
curl \
-H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
http://{admin-site}/admin-api/global/1/certs
Response Example
Status: 200 OK
{
"data": [
{
"client_verify": false,
"id": 1,
"server_cert": "-----BEGIN CERTIFICATE----- xxxx",
"acme_host": "*.example.com",
"expdate": 123456789
}
],
"status": 0
}
Modify a Global Certificate
URI
PUT /admin-api/global/1/certs/{cert_id}
Request Example
Shell
curl -X PUT \
-H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
http://{admin-site}/admin-api/global/1/certs/1 \
-d '{"acme_host": "*.test.com"}'
Response Example
Status: 200 OK
{"status":0}
Delete a Global Certificate
URI
DELETE /admin-api/global/1/certs/{cert_id}
Request Example
Shell
curl -X DELETE \
-H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
http://{admin-site}/admin-api/global/1/certs/1
Response Example
Status: 200 OK
{ "status": 0 }
Create an ACME Provider
URI
POST /admin-api/global/1/acme_providers
Request Parameters
name
type: string
required: yes
description: Name of the ACME provider
endpoint
type: string
required: yes
description: Endpoint (URI) of the ACME provider
eab_kid
type: string
required: yes
description: EAB_KEY_ID field of ACME Provider
eab_hmac_key
type: string
required: yes
description: EAB_HMAC_KEY field of ACME Provider
email
type: string
required: no
description: email address
Request Example
Shell
curl -X POST \
-H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
http://{admin-site}/admin-api/global/1/acme_providers \
-d '{"name":"ZeroSSL","endpoint": "https://acme.zerossl.com/v2/DV90","eab_kid":"EAB_KEY_ID","eab_hmac_key":"EAB_HMAC_KEY"}'
Response Example
Status: 200 OK
{
"data": {"id": 1},
"status": 0
}
List ACME Providers
URI
GET /admin-api/global/1/acme_providers
Request Example
Shell
curl \
-H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
http://{admin-site}/admin-api/global/1/acme_providers
Response Example
Status: 200 OK
{
"data": [
{
"id": 1,
"name": "ZeroSSL",
"endpoint": "https://acme.zerossl.com/v2/DV90",
"eab_kid": "EAB_KEY_ID",
"eab_hmac_key": "EAB_HMAC_KEY"
}
],
"status": 0
}
Update an ACME Provider
URI
PUT /admin-api/global/1/acme_providers/{provider_id}
Request Example
Shell
curl -X PUT \
-H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
http://{admin-site}/admin-api/global/1/acme_providers/1 \
-d '{"eab_kid":"EAB_KEY_ID_2"}'
Response Example
Status: 200 OK
{"status":0}
Delete an ACME Provider
URI
DELETE /admin-api/global/1/acme_providers/{provider_id}
Request Example
Shell
curl -X DELETE \
-H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
http://{admin-site}/admin-api/global/1/acme_providers/1
Response Example
Status: 200 OK
{"status": 0}