Global Certificate Management

Create a Global Certificate

URI

POST /admin-api/global/1/certs

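Request Parameters

  • label

    type: string

    required: no

    description: Label / note for the certificate

  • server_cert

    type: string

    required: no (required when uploading a certificate manually)

    description: Contents of the certificate file in PEM format

  • priv_key

    type: string

    required: no (required when uploading a certificate manually)

    description: Contents of the certificate's private key file in PEM format

  • cert_chain

    type: string

    required: no

    description: Certificate chain. Usually does not need to be uploaded

  • client_verify

    type: boolean

    required: no

    description: Whether to use client certificate verification

  • ca_cert

    type: string

    required: no (required when client certificate verification is enabled)

    description: The client certificates being verified are issued by this CA

  • acme_host

    type: string

    required: no (required when issuing a certificate through ACME)

    description: Issue the certificate through an ACME provider. Note that global certificates only support issuing wildcard-domain certificates; to issue a certificate for a non-wildcard domain, use an application-level certificate

  • acme_providers

    type: integer

    required: no

    description: The id of the ACME provider in the global configuration. If not specified, Let’s Encrypt is used by default to issue the certificate

  • acme_csr_type

    type: string

    required: no

    description: Encryption algorithm for the ACME-issued certificate. Two algorithms are currently supported, rsa and ec; the default is rsa

  • acme_use_uploaded_key

    type: boolean

    required: no

    description: Whether to use the private key uploaded manually by the user during ACME issuance

  • acme_takeover

    type: boolean

    required: no

    description: Whether the manually uploaded certificate is renewed by the specified ACME service. The default is false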

Request Example

Shell

curl -X POST \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  http://{admin-site}/admin-api/global/1/certs \
  -d '{"acme_host":"*.example.com"}'

Response Example

Status: 200 OK
{
  "data": {"id": 1},
  "status": 0
}
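
A pre-flight check for the create request body that applies the conditional requirements from the parameter list above before anything is sent to the Admin API. This is an added example, not code from the product or its documentation; the function names, the rule that a request must use either manual upload or ACME, and the sample PEM strings are assumptions made for illustration.

```python
KNOWN_CSR_TYPES = ("rsa", "ec")  # the two values the parameter list names
CERT_FIELDS = ("server_cert", "cert_chain", "ca_cert")

def is_pem(text, kind):
    """True if text has matching BEGIN/END armor whose label ends with `kind`."""
    lines = [l.strip() for l in str(text).strip().splitlines()]
    if len(lines) < 3:
        return False
    first, last = lines[0], lines[-1]
    return (first.startswith("-----BEGIN ") and first.endswith(kind + "-----")
            and last == first.replace("BEGIN", "END", 1))

def check_cert_payload(p):
    """Return a list of problems; an empty list means the listed rules are met."""
    errs = []
    manual, acme = "server_cert" in p, "acme_host" in p
    if not manual and not acme:
        # Assumption: a create request uses at least one of the two modes.
        errs.append("set server_cert and priv_key, or acme_host")
    if manual and "priv_key" not in p:
        errs.append("priv_key is required with server_cert")
    for f in CERT_FIELDS:
        if f in p and not is_pem(p[f], "CERTIFICATE"):
            errs.append(f + " is not PEM certificate data")
    if "priv_key" in p and not is_pem(p["priv_key"], "PRIVATE KEY"):
        errs.append("priv_key is not PEM private key data")
    if p.get("client_verify") is True and "ca_cert" not in p:
        errs.append("ca_cert is required when client_verify is true")
    if acme and not str(p["acme_host"]).startswith("*."):
        errs.append("acme_host must be a wildcard name for a global certificate")
    if p.get("acme_csr_type", "rsa") not in KNOWN_CSR_TYPES:
        errs.append("acme_csr_type must be rsa or ec")
    if "acme_providers" in p and type(p["acme_providers"]) is not int:
        errs.append("acme_providers must be an integer id")
    return errs

def loggable(p):
    """Copy of the payload that is safe to log: the private key is masked."""
    return {k: ("<redacted>" if k == "priv_key" else v) for k, v in p.items()}

# Constructed sample input (placeholder PEM bodies, not real key material).
CERT = "-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----\n"
KEY = "-----BEGIN PRIVATE KEY-----\nMIIE\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    for body in ({"acme_host": "*.example.com"},
                 {"acme_host": "www.example.com", "acme_csr_type": "dsa"},
                 {"server_cert": CERT, "priv_key": KEY, "client_verify": True}):
        print(loggable(body), "->", check_cert_payload(body))
```

The PEM check only inspects the armor lines; it does not parse the certificate or confirm that the key matches it.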

List Global Certificates

URI

GET /admin-api/global/1/certs

Request Example

Shell

curl \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  http://{admin-site}/admin-api/global/1/certs

Response Example

Status: 200 OK
{
  "data": [
    {
      "client_verify": false,
      "id": 1,
      "server_cert": "-----BEGIN CERTIFICATE----- xxxx",
      "acme_host": "*.example.com",
      "expdate": 123456789
    }
  ],
  "status": 0
}

Update a Global Certificate

URI

PUT /admin-api/global/1/certs/{cert_id}

Request Example

Shell

curl -X PUT \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  http://{admin-site}/admin-api/global/1/certs/1 \
  -d '{"acme_host": "*.test.com"}'

Response Example

Status: 200 OK
{"status":0}

Delete a Global Certificate

URI

DELETE /admin-api/global/1/certs/{cert_id}

Request Example

Shell

curl -X DELETE \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  http://{admin-site}/admin-api/global/1/certs/1

Response Example

Status: 200 OK
{ "status": 0 }

Create an ACME Provider

URI

POST /admin-api/global/1/acme_providers

Request Parameters

  • name

    type: string

    required: yes

    description: Name of the ACME provider

  • endpoint

    type: string

    required: yes

    description: Endpoint (URI) of the ACME provider

  • eab_kid

    type: string

    required: yes

    description: EAB_KEY_ID field of ACME Provider

  • eab_hmac_key

    type: string

    required: yes

    description: EAB_HMAC_KEY field of ACME Provider

  • email

    type: string

    required: no

    description: email address

Request Example

Shell

curl -X POST \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  http://{admin-site}/admin-api/global/1/acme_providers \
  -d '{"name":"ZeroSSL","endpoint": "https://acme.zerossl.com/v2/DV90","eab_kid":"EAB_KEY_ID","eab_hmac_key":"EAB_HMAC_KEY"}'

Response Example

Status: 200 OK
{
  "data": {"id": 1},
  "status": 0
}

List ACME Providers

URI

GET /admin-api/global/1/acme_providers

Request Example

Shell

curl \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  http://{admin-site}/admin-api/global/1/acme_providers

Response Example

Status: 200 OK
{
  "data": [
    {
      "id": 1,
      "name": "ZeroSSL",
      "endpoint": "https://acme.zerossl.com/v2/DV90",
      "eab_kid": "EAB_KEY_ID",
      "eab_hmac_key": "EAB_HMAC_KEY"
    }
  ],
  "status": 0
}

Update an ACME Service Provider

URI

PUT /admin-api/global/1/acme_providers/{provider_id}

Request Example

Shell

curl -X PUT \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  http://{admin-site}/admin-api/global/1/acme_providers/1 \
  -d '{"eab_kid":"EAB_KEY_ID_2"}'

Response Example

Status: 200 OK
{"status":0}

Delete an ACME Service Provider

URI

DELETE /admin-api/global/1/acme_providers/{provider_id}

Request Example

Shell

curl -X DELETE \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  http://{admin-site}/admin-api/global/1/acme_providers/1

Response Example

Status: 200 OK
{"status": 0}