You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/11/23 14:18:22 UTC
[GitHub] [apisix] Hmemories opened a new issue #2791: request help: After put my SSL certificate to apisix ,I curl https and then meet some problem
Hmemories opened a new issue #2791:
URL: https://github.com/apache/apisix/issues/2791
### Issue description
### Environment
* apisix version (cmd: `apisix version`): 2.0
* OS: mac
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] starsz commented on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
starsz commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730244979
Hi, @Hmemories. You may have failed to get my point.
What I mean is that, when you put your SSL certificate through `/apisix/admin/ssl/{id}`,
the `cert` and `key` field in the request body should contain
```
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
```
Like this, Just put all the content in the SSL certificate to apisix.
```
curl http://127.0.0.1:9080/apisix/admin/ssl/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"cert": "-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----",
"key": "-----BEGIN RSA PRIVATE KEY-----
....
-----END RSA PRIVATE KEY-----",
"sni": "test.com"
}'
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander closed issue #2791: request help: After put my SSL certificate to apisix ,I curl https and then meet some problem
Posted by GitBox <gi...@apache.org>.
spacewander closed issue #2791:
URL: https://github.com/apache/apisix/issues/2791
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] idbeta edited a comment on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
idbeta edited a comment on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730250211
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Hmemories commented on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
Hmemories commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730267243
@starsz ok
curl http://127.0.0.1:9080/apisix/admin/ssl/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"cert": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshFIfimTMxtgifJsLZuI
RW+OFipzscVzoK3H73JvQx4V4POdNQz4SV2ok59fgFywIAzDHRCm5Uhs51LIAJUu
QmoDZbJffBk8SNtwpIyTpjJYrsx0cxtq4wm8MPssc4lu/i2Isx5iKI0iorw8UNhG
nRFT0gHDOjSijW5LH8RvM5P21UmPNw8NtLaAfe+B4kGFqEZX5js+BPdo9ahnzLWo
k5PAn6HICFR+ojIGjvoOY7+0a7vXoDignWfsDVAg3/bzaIkKrrBc5A6h3SChxM4A
OFXYLmp7ndfeliFWJCvc0WySTXAg9StZUfawkTt/z43cCkSWvpF42jmFx9LR5gqH
UwIDAQAB",
"key": "MIIEogIBAAKCAQEAshFIfimTMxtgifJsLZuIRW+OFipzscVzoK3H73JvQx4V4POd
NQz4SV2ok59fgFywIAzDHRCm5Uhs51LIAJUuQmoDZbJffBk8SNtwpIyTpjJYrsx0
cxtq4wm8MPssc4lu/i2Isx5iKI0iorw8UNhGnRFT0gHDOjSijW5LH8RvM5P21UmP
Nw8NtLaAfe+B4kGFqEZX5js+BPdo9ahnzLWok5PAn6HICFR+ojIGjvoOY7+0a7vX
oDignWfsDVAg3/bzaIkKrrBc5A6h3SChxM4AOFXYLmp7ndfeliFWJCvc0WySTXAg
9StZUfawkTt/z43cCkSWvpF42jmFx9LR5gqHUwIDAQABAoIBAD26jhXmVbgO0o2f
s26wDzJ69JesicTjvSzDcZ8JXZa31D/SU/ozD9NnG2xpgFLgTtIdenoV7rVnQRGD
+f9xt8KgO6NCjaVYnjRnlgoFDZ48r8+Q4wGQTKJ+GnYkbIl06DxHDq+BZefG3W3q
sUIZZ4lFm3ge0k3YN02uIW7WyvHm0k9vc19IZIZnLVRtiHPE++znSgIj6a1CDvkF
CI5hNGzR3eRM7S5DgZq769J2AvJI+EfvRPfTopOlQE4IZqoxO6+pWmVcBcLdyuGL
OUlj0RCueTreDtnwemtW0MRx5jAloUXrPFoxXhefkBnR9JxTwD2KuWJ74d1S1hJI
FcIid5kCgYEA1nangqmAJXN4oEBeeEHrlRd3slZPULaNKMs//mZ1zpb5Nw0fcUQD
y3D2Z4vGYDitQsn7YJKNIgPdTCMp+BogHDdBXfFuZLbWAqnB1SaxqXOpCFcJ2swt
PXspHRFFFVgJSwgRVU87ivEFiH+YZgi2nYsRXao1peiNLz6RYC/x9g0CgYEA1I4T
DDfJwF46A5TrHbyI64ezPmL5WW7ewp2XH25R8GMvZ03aycF05+bbhT/TfcHUNCpZ
S6ADYZTMsKrH0303qzP4/SyatzS99c2ycb6m3SViElG8CcgKM4lQxDh+4VKa5JzQ
+Ny8luUH1L+MYRyksGQ8ZWIjrrE2NcdI5zlPet8CgYAAooVIa7wHYFohD0+4R2mt
HU6rZnoBoSi10DQ2SpNaszO1qAJJ0Yu5VHJGSDGkI0bQBc0KsiRcz2oeSZRcOaeS
rc8xuf87qRblFx+Nw/mOqNr9PVS4IxaXMgAjJ+Pudj5AzJtQh1WDycbcapRG6Qux
V7ILdu+FuDSCyUqg4EN1GQKBgFP8GyydsnrvAE8//TKPty4RPVKuOsYKl7wgFoFV
zsyD9EwGKCfF59JllmFtGby75IQEI6pM/GkHKWW45SH8fQ2JiJ1IjY1MKq6/6v0k
jrwctEZ2wyy+PMGmRSJzDDcts4QXLj7WwTGCJ3j5gpcwgSYtROvuPhkdbkULjBPI
wk3TAoGAa2sv24sGQxQofu/IjPx/OeJJSTQt4MxT3uQFGO4XDv3rbh4gV1DZ0bHV
VbZFb0XFkTXBoY3QGwTCxVmX/1AA5+aV4GoJOYsUjhxBMRGszf0oASwfcHdw6ZPv
gcffre5rKntdZGkJQ8eNoM9ZGGMNz0qKUuimHSc3Cluaj58WXzI=",
"sni": "test.com"
}'
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Hmemories commented on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
Hmemories commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730193474
@starsz I saw anything unusual error.log
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tokers commented on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730177710
Is this certificate signed self?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] idbeta edited a comment on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
idbeta edited a comment on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730250211
It’s difficult to use `curl` to send the certificate content here. I suggest you use python, like the following
```python
pem = '''-----BEGIN CERTIFICATE-----
... ...
-----END CERTIFICATE-----'''
key = '''-----BEGIN RSA PRIVATE KEY-----
... ...
-----END RSA PRIVATE KEY-----'''
cdata = {
"id": "1",
"cert": pem,
"key": key,
"snis": ["xxxx.org"]
}
headers = {
"X-API-KEY": "edd1c9f034335f136f87ad84b625c8f1"
}
r = requests.put("http://127.0.0.1:9080/apisix/admin/ssl/1",json = cdata,headers=headers)
print(r.text)
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] starsz commented on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
starsz commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730231082
Hi, @Hmemories, I think you should put the SSL certificate with
```
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Hmemories commented on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
Hmemories commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730181999
Yes
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] starsz edited a comment on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
starsz edited a comment on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730244979
Hi, @Hmemories. You may have failed to get my point.
What I mean is that, when you put your SSL certificate through `/apisix/admin/ssl/{id}`,
the `cert` and `key` field in the request body should contain
```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```
Like this, Just put all the content in the SSL certificate to apisix.
```
curl http://127.0.0.1:9080/apisix/admin/ssl/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"cert": "-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----",
"key": "-----BEGIN RSA PRIVATE KEY-----
....
-----END RSA PRIVATE KEY-----",
"sni": "test.com"
}'
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Hmemories commented on issue #2791: request help: After put my SSL certificate to apisix ,I curl https and then meet some problem
Posted by GitBox <gi...@apache.org>.
Hmemories commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730270249
@idbeta ok ,I'll try
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] starsz commented on issue #2791: request help: After put my SSL certificate to apisix ,I curl https and then meet some problem
Posted by GitBox <gi...@apache.org>.
starsz commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730353621
@Hmemories No.Like this.
```
curl http://127.0.0.1:9080/apisix/admin/ssl/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"cert": "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshFIfimTMxtgifJsLZuI
RW+OFipzscVzoK3H73JvQx4V4POdNQz4SV2ok59fgFywIAzDHRCm5Uhs51LIAJUu
QmoDZbJffBk8SNtwpIyTpjJYrsx0cxtq4wm8MPssc4lu/i2Isx5iKI0iorw8UNhG
nRFT0gHDOjSijW5LH8RvM5P21UmPNw8NtLaAfe+B4kGFqEZX5js+BPdo9ahnzLWo
k5PAn6HICFR+ojIGjvoOY7+0a7vXoDignWfsDVAg3/bzaIkKrrBc5A6h3SChxM4A
OFXYLmp7ndfeliFWJCvc0WySTXAg9StZUfawkTt/z43cCkSWvpF42jmFx9LR5gqH
UwIDAQAB
-----END PUBLIC KEY-----",
"key": "-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAshFIfimTMxtgifJsLZuIRW+OFipzscVzoK3H73JvQx4V4POd
NQz4SV2ok59fgFywIAzDHRCm5Uhs51LIAJUuQmoDZbJffBk8SNtwpIyTpjJYrsx0
cxtq4wm8MPssc4lu/i2Isx5iKI0iorw8UNhGnRFT0gHDOjSijW5LH8RvM5P21UmP
Nw8NtLaAfe+B4kGFqEZX5js+BPdo9ahnzLWok5PAn6HICFR+ojIGjvoOY7+0a7vX
oDignWfsDVAg3/bzaIkKrrBc5A6h3SChxM4AOFXYLmp7ndfeliFWJCvc0WySTXAg
9StZUfawkTt/z43cCkSWvpF42jmFx9LR5gqHUwIDAQABAoIBAD26jhXmVbgO0o2f
s26wDzJ69JesicTjvSzDcZ8JXZa31D/SU/ozD9NnG2xpgFLgTtIdenoV7rVnQRGD
+f9xt8KgO6NCjaVYnjRnlgoFDZ48r8+Q4wGQTKJ+GnYkbIl06DxHDq+BZefG3W3q
sUIZZ4lFm3ge0k3YN02uIW7WyvHm0k9vc19IZIZnLVRtiHPE++znSgIj6a1CDvkF
CI5hNGzR3eRM7S5DgZq769J2AvJI+EfvRPfTopOlQE4IZqoxO6+pWmVcBcLdyuGL
OUlj0RCueTreDtnwemtW0MRx5jAloUXrPFoxXhefkBnR9JxTwD2KuWJ74d1S1hJI
FcIid5kCgYEA1nangqmAJXN4oEBeeEHrlRd3slZPULaNKMs//mZ1zpb5Nw0fcUQD
y3D2Z4vGYDitQsn7YJKNIgPdTCMp+BogHDdBXfFuZLbWAqnB1SaxqXOpCFcJ2swt
PXspHRFFFVgJSwgRVU87ivEFiH+YZgi2nYsRXao1peiNLz6RYC/x9g0CgYEA1I4T
DDfJwF46A5TrHbyI64ezPmL5WW7ewp2XH25R8GMvZ03aycF05+bbhT/TfcHUNCpZ
S6ADYZTMsKrH0303qzP4/SyatzS99c2ycb6m3SViElG8CcgKM4lQxDh+4VKa5JzQ
+Ny8luUH1L+MYRyksGQ8ZWIjrrE2NcdI5zlPet8CgYAAooVIa7wHYFohD0+4R2mt
HU6rZnoBoSi10DQ2SpNaszO1qAJJ0Yu5VHJGSDGkI0bQBc0KsiRcz2oeSZRcOaeS
rc8xuf87qRblFx+Nw/mOqNr9PVS4IxaXMgAjJ+Pudj5AzJtQh1WDycbcapRG6Qux
V7ILdu+FuDSCyUqg4EN1GQKBgFP8GyydsnrvAE8//TKPty4RPVKuOsYKl7wgFoFV
zsyD9EwGKCfF59JllmFtGby75IQEI6pM/GkHKWW45SH8fQ2JiJ1IjY1MKq6/6v0k
jrwctEZ2wyy+PMGmRSJzDDcts4QXLj7WwTGCJ3j5gpcwgSYtROvuPhkdbkULjBPI
wk3TAoGAa2sv24sGQxQofu/IjPx/OeJJSTQt4MxT3uQFGO4XDv3rbh4gV1DZ0bHV
VbZFb0XFkTXBoY3QGwTCxVmX/1AA5+aV4GoJOYsUjhxBMRGszf0oASwfcHdw6ZPv
gcffre5rKntdZGkJQ8eNoM9ZGGMNz0qKUuimHSc3Cluaj58WXzI=
-----END RSA PRIVATE KEY-----",
"sni": "test.com"
}'
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Hmemories commented on issue #2791: request help: After put my SSL certificate to apisix ,I curl https and then meet some problem
Posted by GitBox <gi...@apache.org>.
Hmemories commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730814243
@starsz I did it with you ,but it can‘t work
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] idbeta edited a comment on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
idbeta edited a comment on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730250211
It’s difficult to use `curl` to send the certificate content here. I suggest you use python, like the following
```python
pem = '''-----BEGIN CERTIFICATE-----
... ...
-----END CERTIFICATE-----'''
key = '''-----BEGIN RSA PRIVATE KEY-----
... ...
-----END RSA PRIVATE KEY-----'''
cdata = {
"id": "1",
"cert": pem,
"key": key,
"snis": ["xxxx.org"]
}
headers = {
"X-API-KEY": "edd1c9f034335f136f87ad84b625c8f1"
}
r = requests.put("http://127.0.0.1:9080/apisix/admin/ssl/1",json = cdata,headers=headers)
print(r.text)
```
**BTW: why don't you add a title for your issue?**
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Hmemories commented on issue #2791: request help: After put my SSL certificate to apisix ,I curl https and then meet some problem
Posted by GitBox <gi...@apache.org>.
Hmemories commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730821902
ok,thanks
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] idbeta edited a comment on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
idbeta edited a comment on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730250211
It’s difficult to use `curl` to send the certificate content here. I suggest you use python, like the following
```python
pem = '''-----BEGIN CERTIFICATE-----
... ...
-----END CERTIFICATE-----'''
key = '''-----BEGIN RSA PRIVATE KEY-----
... ...
-----END RSA PRIVATE KEY-----'''
cdata = {
"id": "1",
"cert": pem,
"key": key,
"snis": ["xxxx.org"]
}
headers = {
"X-API-KEY": "edd1c9f034335f136f87ad84b625c8f1"
}
r = requests.put("http://127.0.0.1:9080/apisix/admin/ssl/1",json = cdata,headers=headers)
print(r.text)
```
BTW: why don't you add a title for your issue?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Hmemories commented on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
Hmemories commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730233059
Here is my SSL certificate
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAshFIfimTMxtgifJsLZuIRW+OFipzscVzoK3H73JvQx4V4POd
NQz4SV2ok59fgFywIAzDHRCm5Uhs51LIAJUuQmoDZbJffBk8SNtwpIyTpjJYrsx0
cxtq4wm8MPssc4lu/i2Isx5iKI0iorw8UNhGnRFT0gHDOjSijW5LH8RvM5P21UmP
Nw8NtLaAfe+B4kGFqEZX5js+BPdo9ahnzLWok5PAn6HICFR+ojIGjvoOY7+0a7vX
oDignWfsDVAg3/bzaIkKrrBc5A6h3SChxM4AOFXYLmp7ndfeliFWJCvc0WySTXAg
9StZUfawkTt/z43cCkSWvpF42jmFx9LR5gqHUwIDAQABAoIBAD26jhXmVbgO0o2f
s26wDzJ69JesicTjvSzDcZ8JXZa31D/SU/ozD9NnG2xpgFLgTtIdenoV7rVnQRGD
+f9xt8KgO6NCjaVYnjRnlgoFDZ48r8+Q4wGQTKJ+GnYkbIl06DxHDq+BZefG3W3q
sUIZZ4lFm3ge0k3YN02uIW7WyvHm0k9vc19IZIZnLVRtiHPE++znSgIj6a1CDvkF
CI5hNGzR3eRM7S5DgZq769J2AvJI+EfvRPfTopOlQE4IZqoxO6+pWmVcBcLdyuGL
OUlj0RCueTreDtnwemtW0MRx5jAloUXrPFoxXhefkBnR9JxTwD2KuWJ74d1S1hJI
FcIid5kCgYEA1nangqmAJXN4oEBeeEHrlRd3slZPULaNKMs//mZ1zpb5Nw0fcUQD
y3D2Z4vGYDitQsn7YJKNIgPdTCMp+BogHDdBXfFuZLbWAqnB1SaxqXOpCFcJ2swt
PXspHRFFFVgJSwgRVU87ivEFiH+YZgi2nYsRXao1peiNLz6RYC/x9g0CgYEA1I4T
DDfJwF46A5TrHbyI64ezPmL5WW7ewp2XH25R8GMvZ03aycF05+bbhT/TfcHUNCpZ
S6ADYZTMsKrH0303qzP4/SyatzS99c2ycb6m3SViElG8CcgKM4lQxDh+4VKa5JzQ
+Ny8luUH1L+MYRyksGQ8ZWIjrrE2NcdI5zlPet8CgYAAooVIa7wHYFohD0+4R2mt
HU6rZnoBoSi10DQ2SpNaszO1qAJJ0Yu5VHJGSDGkI0bQBc0KsiRcz2oeSZRcOaeS
rc8xuf87qRblFx+Nw/mOqNr9PVS4IxaXMgAjJ+Pudj5AzJtQh1WDycbcapRG6Qux
V7ILdu+FuDSCyUqg4EN1GQKBgFP8GyydsnrvAE8//TKPty4RPVKuOsYKl7wgFoFV
zsyD9EwGKCfF59JllmFtGby75IQEI6pM/GkHKWW45SH8fQ2JiJ1IjY1MKq6/6v0k
jrwctEZ2wyy+PMGmRSJzDDcts4QXLj7WwTGCJ3j5gpcwgSYtROvuPhkdbkULjBPI
wk3TAoGAa2sv24sGQxQofu/IjPx/OeJJSTQt4MxT3uQFGO4XDv3rbh4gV1DZ0bHV
VbZFb0XFkTXBoY3QGwTCxVmX/1AA5+aV4GoJOYsUjhxBMRGszf0oASwfcHdw6ZPv
gcffre5rKntdZGkJQ8eNoM9ZGGMNz0qKUuimHSc3Cluaj58WXzI=
-----END RSA PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshFIfimTMxtgifJsLZuI
RW+OFipzscVzoK3H73JvQx4V4POdNQz4SV2ok59fgFywIAzDHRCm5Uhs51LIAJUu
QmoDZbJffBk8SNtwpIyTpjJYrsx0cxtq4wm8MPssc4lu/i2Isx5iKI0iorw8UNhG
nRFT0gHDOjSijW5LH8RvM5P21UmPNw8NtLaAfe+B4kGFqEZX5js+BPdo9ahnzLWo
k5PAn6HICFR+ojIGjvoOY7+0a7vXoDignWfsDVAg3/bzaIkKrrBc5A6h3SChxM4A
OFXYLmp7ndfeliFWJCvc0WySTXAg9StZUfawkTt/z43cCkSWvpF42jmFx9LR5gqH
UwIDAQAB
-----END PUBLIC KEY-----
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] starsz commented on issue #2791: request help: After put my SSL certificate to apisix ,I curl https and then meet some problem
Posted by GitBox <gi...@apache.org>.
starsz commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730821012
@Hmemories.Emmmm. You had only generated a private key yet.
And the next step, you should generate `.csr` and `.crt` by this key.
Finally, put the content in ".crt" and ".key" to apisix.
Maybe you should take some time on how to generate an SSL certificate.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Hmemories commented on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
Hmemories commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730224321
I found that key changed to nil through Base64
SSL certificate was put in etcd
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] idbeta edited a comment on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
idbeta edited a comment on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730250211
It’s difficult to use `curl` to send the certificate content here. I suggest you use python, like the following
```python
pem = '''-----BEGIN CERTIFICATE-----
... ...
-----END CERTIFICATE-----'''
key = '''-----BEGIN RSA PRIVATE KEY-----
... ...
-----END RSA PRIVATE KEY-----'''
cdata = {
"id": "1",
"cert": pem,
"key": key,
"snis": ["xxxx.org"]
}
headers = {
"X-API-KEY": "edd1c9f034335f136f87ad84b625c8f1"
}
r = requests.put("http://127.0.0.1:9080/apisix/admin/ssl/1",json = cdata,headers=headers)
print(r.text)
```
**BTW: why don't you add a title for your issue?**
my env is master branch, it was working well
```
$ curl https://shaoyaoju.org:9443 -v
* Rebuilt URL to: https://shaoyaoju.org:9443/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 7890 (#0)
* Establish HTTP proxy tunnel to shaoyaoju.org:9443
> CONNECT shaoyaoju.org:9443 HTTP/1.1
> Host: shaoyaoju.org:9443
> User-Agent: curl/7.54.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: self signed certificate
* stopped the pause stream!
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] idbeta commented on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
idbeta commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730250211
It’s difficult to use curl to send the certificate content here. I suggest you use python, like the following
```python
pem = '''-----BEGIN CERTIFICATE-----
... ...
-----END CERTIFICATE-----'''
key = '''-----BEGIN RSA PRIVATE KEY-----
... ...
-----END RSA PRIVATE KEY-----'''
cdata = {
"id": "1",
"cert": pem,
"key": key,
"snis": ["shaoyaoju.org"]
}
headers = {
"X-API-KEY": "edd1c9f034335f136f87ad84b625c8f1"
}
r = requests.put("http://127.0.0.1:9080/apisix/admin/ssl/1",json = cdata,headers=headers)
print(r.text)
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] starsz commented on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
starsz commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730215351
Hi, @Hmemories, have you put your SSL certificate to apisix before? Or maybe you can check this by doing
```
etcdctl get /apisix/ssl --prefix --keys-only
```
See: https://github.com/apache/apisix/blob/master/doc/admin-api.md#ssl
In addition, I think it shouldn't cause Lua's thread to abort.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tokers commented on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730183202
> Yes
Then that's an expected behavior, you may add the -k option to ignore the certificate verification.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] starsz edited a comment on issue #2791: request help: After put my SSL certificate to apisix ,I curl https and then meet some problem
Posted by GitBox <gi...@apache.org>.
starsz edited a comment on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730353621
@Hmemories Like this:
```
curl http://127.0.0.1:9080/apisix/admin/ssl/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"cert": "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshFIfimTMxtgifJsLZuI
RW+OFipzscVzoK3H73JvQx4V4POdNQz4SV2ok59fgFywIAzDHRCm5Uhs51LIAJUu
QmoDZbJffBk8SNtwpIyTpjJYrsx0cxtq4wm8MPssc4lu/i2Isx5iKI0iorw8UNhG
nRFT0gHDOjSijW5LH8RvM5P21UmPNw8NtLaAfe+B4kGFqEZX5js+BPdo9ahnzLWo
k5PAn6HICFR+ojIGjvoOY7+0a7vXoDignWfsDVAg3/bzaIkKrrBc5A6h3SChxM4A
OFXYLmp7ndfeliFWJCvc0WySTXAg9StZUfawkTt/z43cCkSWvpF42jmFx9LR5gqH
UwIDAQAB
-----END PUBLIC KEY-----",
"key": "-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAshFIfimTMxtgifJsLZuIRW+OFipzscVzoK3H73JvQx4V4POd
NQz4SV2ok59fgFywIAzDHRCm5Uhs51LIAJUuQmoDZbJffBk8SNtwpIyTpjJYrsx0
cxtq4wm8MPssc4lu/i2Isx5iKI0iorw8UNhGnRFT0gHDOjSijW5LH8RvM5P21UmP
Nw8NtLaAfe+B4kGFqEZX5js+BPdo9ahnzLWok5PAn6HICFR+ojIGjvoOY7+0a7vX
oDignWfsDVAg3/bzaIkKrrBc5A6h3SChxM4AOFXYLmp7ndfeliFWJCvc0WySTXAg
9StZUfawkTt/z43cCkSWvpF42jmFx9LR5gqHUwIDAQABAoIBAD26jhXmVbgO0o2f
s26wDzJ69JesicTjvSzDcZ8JXZa31D/SU/ozD9NnG2xpgFLgTtIdenoV7rVnQRGD
+f9xt8KgO6NCjaVYnjRnlgoFDZ48r8+Q4wGQTKJ+GnYkbIl06DxHDq+BZefG3W3q
sUIZZ4lFm3ge0k3YN02uIW7WyvHm0k9vc19IZIZnLVRtiHPE++znSgIj6a1CDvkF
CI5hNGzR3eRM7S5DgZq769J2AvJI+EfvRPfTopOlQE4IZqoxO6+pWmVcBcLdyuGL
OUlj0RCueTreDtnwemtW0MRx5jAloUXrPFoxXhefkBnR9JxTwD2KuWJ74d1S1hJI
FcIid5kCgYEA1nangqmAJXN4oEBeeEHrlRd3slZPULaNKMs//mZ1zpb5Nw0fcUQD
y3D2Z4vGYDitQsn7YJKNIgPdTCMp+BogHDdBXfFuZLbWAqnB1SaxqXOpCFcJ2swt
PXspHRFFFVgJSwgRVU87ivEFiH+YZgi2nYsRXao1peiNLz6RYC/x9g0CgYEA1I4T
DDfJwF46A5TrHbyI64ezPmL5WW7ewp2XH25R8GMvZ03aycF05+bbhT/TfcHUNCpZ
S6ADYZTMsKrH0303qzP4/SyatzS99c2ycb6m3SViElG8CcgKM4lQxDh+4VKa5JzQ
+Ny8luUH1L+MYRyksGQ8ZWIjrrE2NcdI5zlPet8CgYAAooVIa7wHYFohD0+4R2mt
HU6rZnoBoSi10DQ2SpNaszO1qAJJ0Yu5VHJGSDGkI0bQBc0KsiRcz2oeSZRcOaeS
rc8xuf87qRblFx+Nw/mOqNr9PVS4IxaXMgAjJ+Pudj5AzJtQh1WDycbcapRG6Qux
V7ILdu+FuDSCyUqg4EN1GQKBgFP8GyydsnrvAE8//TKPty4RPVKuOsYKl7wgFoFV
zsyD9EwGKCfF59JllmFtGby75IQEI6pM/GkHKWW45SH8fQ2JiJ1IjY1MKq6/6v0k
jrwctEZ2wyy+PMGmRSJzDDcts4QXLj7WwTGCJ3j5gpcwgSYtROvuPhkdbkULjBPI
wk3TAoGAa2sv24sGQxQofu/IjPx/OeJJSTQt4MxT3uQFGO4XDv3rbh4gV1DZ0bHV
VbZFb0XFkTXBoY3QGwTCxVmX/1AA5+aV4GoJOYsUjhxBMRGszf0oASwfcHdw6ZPv
gcffre5rKntdZGkJQ8eNoM9ZGGMNz0qKUuimHSc3Cluaj58WXzI=
-----END RSA PRIVATE KEY-----",
"sni": "test.com"
}'
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Hmemories commented on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
Hmemories commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730152808
I configured SSL locally and access failed
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] starsz commented on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
starsz commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730191124
Hi, @Hmemories, have you checked your error log?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Hmemories commented on issue #2791: request help: After put my SSL certificate to apisix ,I curl https and then meet some problem
Posted by GitBox <gi...@apache.org>.
Hmemories commented on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730807380
@starsz ok, I got it
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Hmemories closed issue #2791: request help: After put my SSL certificate to apisix ,I curl https and then meet some problem
Posted by GitBox <gi...@apache.org>.
Hmemories closed issue #2791:
URL: https://github.com/apache/apisix/issues/2791
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] idbeta edited a comment on issue #2791: request help:
Posted by GitBox <gi...@apache.org>.
idbeta edited a comment on issue #2791:
URL: https://github.com/apache/apisix/issues/2791#issuecomment-730250211
It’s difficult to use curl to send the certificate content here. I suggest you use python, like the following
```python
pem = '''-----BEGIN CERTIFICATE-----
... ...
-----END CERTIFICATE-----'''
key = '''-----BEGIN RSA PRIVATE KEY-----
... ...
-----END RSA PRIVATE KEY-----'''
cdata = {
"id": "1",
"cert": pem,
"key": key,
"snis": ["xxxx.org"]
}
headers = {
"X-API-KEY": "edd1c9f034335f136f87ad84b625c8f1"
}
r = requests.put("http://127.0.0.1:9080/apisix/admin/ssl/1",json = cdata,headers=headers)
print(r.text)
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org