You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/09/26 05:55:11 UTC

[GitHub] [apisix] C2022021 opened a new issue, #7989: help request: SSL private key encryption?

C2022021 opened a new issue, #7989:
URL: https://github.com/apache/apisix/issues/7989

   ### Description
   
   OS: RHEL 8.6
   APISIX VERSION: 2.13.3
   APISIX DASHBOARD VERSION: 2.13.0
   
   I found `ssl` section in config-default.yaml has a `key_encrypt_salt` attribute, and comment of it said:
   \#  If not set, will save origin ssl key into etcd.
   \#  If set this, must be a string of length 16. And it will encrypt ssl key with AES-128-CBC
   \#  !!! So do not change it after saving your ssl, it can't decrypt the ssl keys have be saved if you change !!
   
   But, After I setting certificate and key through APISIX Dashboard, I still can get origin ssl key from etcd by command `etcdctl get --prefix "/apisix/ssl"` instead of encrypt string.
   I am confused that is the key encryption function has not imlpement for apisix version 2.13.3 on RHEL ? Or anything I had setting wrong in my config file?
   
   ### Environment
   
   - APISIX version (run `apisix version`):
   - Operating system (run `uname -a`):
   - OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
   - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):
   - APISIX Dashboard version, if relevant:
   - Plugin runner version, for issues related to plugin runners:
   - LuaRocks version, for installation issues (run `luarocks --version`):
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] C2022021 closed issue #7989: help request: SSL private key encryption?

Posted by GitBox <gi...@apache.org>.

C2022021 closed issue #7989: help request: SSL private key encryption?
URL: https://github.com/apache/apisix/issues/7989


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] monkeyDluffy6017 commented on issue #7989: help request: SSL private key encryption?

Posted by GitBox <gi...@apache.org>.

monkeyDluffy6017 commented on issue #7989:
URL: https://github.com/apache/apisix/issues/7989#issuecomment-1259018740

   The upload cert apis in apisix-dashboard and apisix are different, the one in apisix will encrypt ssl key, and apisix-dashboard will not. you could upload ssl certs with `utils/create-ssl.py`, like `./create-ssl.py t.crt t.key test.com`, we would unify apisix-dashboard and apisix later.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] C2022021 commented on issue #7989: help request: SSL private key encryption?

Posted by GitBox <gi...@apache.org>.

C2022021 commented on issue #7989:
URL: https://github.com/apache/apisix/issues/7989#issuecomment-1259230718

   Thanks for your reply!!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tokers commented on issue #7989: help request: SSL private key encryption?

Posted by GitBox <gi...@apache.org>.

tokers commented on issue #7989:
URL: https://github.com/apache/apisix/issues/7989#issuecomment-1257788065

   cc @bzp2010 . I'm not sure if this feature is implemented by Dashboard.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org