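Generating Certificates for OpenResty Edge Components
Follow the steps below to generate the certificates used for communication between OpenResty Edge components.
Download the script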
curl -O https://openresty.com/client/oredge/openresty-edge-gen-cert.sh
Generate the CA
- Run the script
bash openresty-edge-gen-cert.sh
- Enter the number of the operation
1
--- Welcome to OpenResty Inc Cert tool ---
[1] Generate Certificate Authority(CA)
[2] Generate Server Certificate for OpenResty Edge Admin
[3] Generate Server Certificate for OpenResty Edge Log Server
[4] Generate Server Certificate
What would you like to do? [1-4]:1
What you choose is: Generate Certificate Authority(CA).
- Enter the following when prompted: country, state/province, and city
Please enter Country Name (2 letter code): CN
Please enter State or Province Name (full name): Provincename
Please enter City Name (full name): Cityname
- On success, the script prints the certificate details and the storage path
Generating CA cert...
Successfully generated edge_ca.crt:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c7:76:e6:11:6c:b4:22:05
Signature Algorithm: ecdsa-with-SHA256
...
[!] The results will be stored in directory: /tmp/edge-cert-tool-result-xxxxxx
Generate the Admin certificate
- Run the script
bash openresty-edge-gen-cert.sh
- Enter the number of the operation
2
--- Welcome to OpenResty Inc Cert tool ---
[1] Generate Certificate Authority(CA)
[2] Generate Server Certificate for OpenResty Edge Admin
[3] Generate Server Certificate for OpenResty Edge Log Server
[4] Generate Server Certificate
What would you like to do? [1-4]:2
What you choose is: Generate Server Certificate for OpenResty Edge Admin.
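- Enter the following when prompted: the path of the CA certificate, country, state/province, city, and the domain name for the certificate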
Please enter the file path of the CA certificate:/tmp/edge-cert-tool-result-xxxxxx
Please enter Country Name (2 letter code): CN
Please enter State or Province Name (full name): Provincename
Please enter City Name (full name): Cityname
Please enter a domain name or wildcard domain name:*.admin.test.com
- On success, the script prints the certificate details and the storage path
Generating edge_admin cert...
Signature ok
subject=/C=CN/ST=Provincename/L=Cityname/O=OpenResty Inc/CN=*.admin.test.com
Getting CA Private Key
Successfully generated edge_admin.crt:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
e9:d3:ba:3b:e8:6a:df:11
Signature Algorithm: ecdsa-with-SHA256
...
[!] The results will be stored in directory: /tmp/edge-cert-tool-result-xxxxxx
Generate the Log Server certificate
- Run the script
bash openresty-edge-gen-cert.sh
- Enter the number of the operation
3
--- Welcome to OpenResty Inc Cert tool ---
[1] Generate Certificate Authority(CA)
[2] Generate Server Certificate for OpenResty Edge Admin
[3] Generate Server Certificate for OpenResty Edge Log Server
[4] Generate Server Certificate
What would you like to do? [1-4]:3
What you choose is: Generate Server Certificate for OpenResty Edge Log Server.
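- Enter the following when prompted: the path of the CA certificate, country, state/province, city, and the domain name for the certificate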
Please enter the file path of the CA certificate:/tmp/edge-cert-tool-result-xxxxxx/edge_ca.crt
Please enter the file path of the CA key:/tmp/edge-cert-tool-result-xxxxxx/edge_ca.key
Please enter Country Name (2 letter code): CN
Please enter State or Province Name (full name): Provincename
Please enter City Name (full name): Cityname
Please enter a domain name or wildcard domain name:my.logserver.test.com
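When specifying the CA certificate and key, you can also give the directory that contains them, as in the Edge Admin certificate example above.
- On success, the script prints the certificate details and the storage path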
Generating edge_log_server cert...
Signature ok
subject=/C=CN/ST=Provincename/L=Cityname/O=OpenResty Inc/CN=my.logserver.test.com
Getting CA Private Key
Successfully generated edge_log_server.crt:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
e9:d3:ba:3b:e8:6a:df:12
Signature Algorithm: ecdsa-with-SHA256
...
[!] The results will be stored in directory: /tmp/edge-cert-tool-result-xxxxxx
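After all three runs, it is worth confirming that each server certificate chains to edge_ca.crt, that every key matches its certificate, and that no private key in the result directory is readable by other local users. The script below is an added example, not part of openresty-edge-gen-cert.sh; the function names are hypothetical, and it assumes each `<name>.crt` has its key stored beside it as `<name>.key`.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a result directory written by openresty-edge-gen-cert.sh.
# Assumption: each server certificate <name>.crt has its key next to it as <name>.key,
# following the edge_ca.crt / edge_ca.key naming shown in the prompts above.

# Succeeds when the certificate and the private key carry the same public key.
key_matches_cert() {  # $1 = certificate, $2 = private key
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the file grants no permission bits to group or others.
is_private() {  # $1 = file
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Checks every server certificate in the directory; returns 0 only if all checks pass.
check_edge_cert_dir() {  # $1 = result directory
    local dir=$1 ca="$1/edge_ca.crt" crt key failures=0
    [ -f "$ca" ] || { echo "FAIL: $ca not found"; return 1; }
    for crt in "$dir"/*.crt; do
        [ "$crt" = "$ca" ] && continue
        key="${crt%.crt}.key"
        # Match the ": OK" line printed by openssl verify instead of relying
        # on its exit status alone.
        if ! openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$'; then
            echo "FAIL: $crt does not chain to $ca"; failures=$((failures + 1))
        fi
        if ! key_matches_cert "$crt" "$key"; then
            echo "FAIL: $key does not match $crt"; failures=$((failures + 1))
        fi
    done
    # Private keys, the CA key above all, must not be readable by other local users.
    for key in "$dir"/*.key; do
        [ -f "$key" ] || continue
        if ! is_private "$key"; then
            echo "FAIL: $key is accessible to group/others"; failures=$((failures + 1))
        fi
    done
    [ "$failures" -eq 0 ] && echo "OK: all checks passed for $dir"
    [ "$failures" -eq 0 ]
}

# Usage: check_edge_cert_dir /tmp/edge-cert-tool-result-xxxxxx
```

Because the results land under /tmp, move the files to their final location once the checks pass and keep edge_ca.key off hosts that do not need to sign certificates.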