Generating Certificates for OpenResty Edge Components

Follow the steps below to generate the certificates used for communication between OpenResty Edge components.

Download the script

curl -O https://openresty.com/client/oredge/openresty-edge-gen-cert.sh

Generate the CA

  • Run the script
bash openresty-edge-gen-cert.sh
  • Enter operation number 1
--- Welcome to OpenResty Inc Cert tool ---

[1] Generate Certificate Authority(CA)
[2] Generate Server Certificate for OpenResty Edge Admin
[3] Generate Server Certificate for OpenResty Edge Log Server
[4] Generate Server Certificate
What would you like to do? [1-4]:1
What you choose is: Generate Certificate Authority(CA).
  • Enter the country, state or province, and city when prompted
Please enter Country Name (2 letter code): CN
Please enter State or Province Name (full name): Provincename
Please enter City Name (full name): Cityname
  • On success, the script prints the certificate details and the directory where the results are stored
Generating CA cert...
Successfully generated edge_ca.crt:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c7:76:e6:11:6c:b4:22:05
    Signature Algorithm: ecdsa-with-SHA256
    ...

[!] The results will be stored in directory: /tmp/edge-cert-tool-result-xxxxxx

Generate the Admin certificate

  • Run the script
bash openresty-edge-gen-cert.sh
  • Enter operation number 2
--- Welcome to OpenResty Inc Cert tool ---

[1] Generate Certificate Authority(CA)
[2] Generate Server Certificate for OpenResty Edge Admin
[3] Generate Server Certificate for OpenResty Edge Log Server
[4] Generate Server Certificate
What would you like to do? [1-4]:2
What you choose is: Generate Server Certificate for OpenResty Edge Admin.
  • Enter the path of the CA certificate, the country, state or province, city, and the certificate domain name when prompted
Please enter the file path of the CA certificate:/tmp/edge-cert-tool-result-xxxxxx
Please enter Country Name (2 letter code): CN
Please enter State or Province Name (full name): Provincename
Please enter City Name (full name): Cityname
Please enter a domain name or wildcard domain name:*.admin.test.com
  • On success, the script prints the certificate details and the directory where the results are stored
Generating edge_admin cert...
Signature ok
subject=/C=CN/ST=Provincename/L=Cityname/O=OpenResty Inc/CN=*.admin.test.com
Getting CA Private Key
Successfully generated edge_admin.crt:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            e9:d3:ba:3b:e8:6a:df:11
    Signature Algorithm: ecdsa-with-SHA256
    ...

[!] The results will be stored in directory: /tmp/edge-cert-tool-result-xxxxxx

Generate the Log Server certificate

  • Run the script
bash openresty-edge-gen-cert.sh
  • Enter operation number 3
--- Welcome to OpenResty Inc Cert tool ---

[1] Generate Certificate Authority(CA)
[2] Generate Server Certificate for OpenResty Edge Admin
[3] Generate Server Certificate for OpenResty Edge Log Server
[4] Generate Server Certificate
What would you like to do? [1-4]:3
What you choose is: Generate Server Certificate for OpenResty Edge Log Server.
  • Enter the path of the CA certificate, the country, state or province, city, and the certificate domain name when prompted
Please enter the file path of the CA certificate:/tmp/edge-cert-tool-result-xxxxxx/edge_ca.crt
Please enter the file path of the CA key:/tmp/edge-cert-tool-result-xxxxxx/edge_ca.key
Please enter Country Name (2 letter code): CN
Please enter State or Province Name (full name): Provincename
Please enter City Name (full name): Cityname
Please enter a domain name or wildcard domain name:my.logserver.test.com

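When specifying the CA certificate and key, you can also supply the directory instead, as was done above when generating the Edge Admin certificate.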

  • On success, the script prints the certificate details and the directory where the results are stored
Generating edge_log_server cert...
Signature ok
subject=/C=CN/ST=Provincename/L=Cityname/O=OpenResty Inc/CN=my.logserver.test.com
Getting CA Private Key
Successfully generated edge_log_server.crt:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            e9:d3:ba:3b:e8:6a:df:12
    Signature Algorithm: ecdsa-with-SHA256
    ...

[!] The results will be stored in directory: /tmp/edge-cert-tool-result-xxxxxx
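
Before deploying the generated files, it is worth confirming that each server certificate chains to edge_ca.crt, that its private key matches, and that the keys are not readable by other users. The function below is an added example, not part of openresty-edge-gen-cert.sh; it assumes the server key is saved next to the certificate as NAME.key (mirroring edge_ca.key) and uses a 30-day expiry margin chosen for illustration.

```shell
#!/bin/sh
# Added example, not part of openresty-edge-gen-cert.sh.
# Usage: check_edge_cert DIR NAME   (NAME is edge_admin or edge_log_server)
# Assumption: the server key is saved as DIR/NAME.key, mirroring edge_ca.key.
check_edge_cert() (
    dir=$1; name=$2; rc=0
    ca="$dir/edge_ca.crt"; crt="$dir/$name.crt"; key="$dir/$name.key"

    # Show who the certificate is for, who issued it, and when it expires.
    openssl x509 -in "$crt" -noout -subject -issuer -enddate

    # 1. The certificate must chain to the CA generated with option 1.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not verify against $ca" >&2; rc=1
    fi

    # 2. It must remain valid for at least another 30 days (2592000 seconds).
    if ! openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "FAIL: $crt is expired or expires within 30 days" >&2; rc=1
    fi

    # 3. The private key must correspond to the certificate's public key.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $crt" >&2; rc=1
    fi

    # 4. Private keys (the CA key above all) must be owner-only.
    for k in "$key" "$dir/edge_ca.key"; do
        [ -f "$k" ] || continue
        case $(ls -l "$k") in
            -???------*) ;;
            *) echo "FAIL: $k is accessible to group or others" >&2; rc=1 ;;
        esac
    done

    [ "$rc" -eq 0 ]
)
```

Call it as `check_edge_cert /tmp/edge-cert-tool-result-xxxxxx edge_admin`, substituting the directory the script printed. Because that directory is under /tmp, the permission check in step 4 is the one most likely to need attention.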