Today I’d like to show how to upload your own SSL certificates to your HTTPS applications in OpenResty Edge.

As always, let’s go to the OpenResty Edge Admin web console. This is our sample deployment of the console. Every user has her own local deployment.

This time we use our continuing sample application for the test-edge.com domain.

We can see that it already listens on port 443 for SSL.

Let’s enter this application.

Go to the SSL page.

We can see that there are no SSL certificates defined yet.

Let’s add a new certificate.

We support various ways to add a new SSL certificate, including Let’s Encrypt.

Here we will just demonstrate the manual upload method.

We can copy and paste our SSL private key in the PEM format here.

We could browse the local file system and upload a local file instead.

And also paste the corresponding SSL certificate in the PEM format.

Again, we could browse and upload a local certificate file instead.

Sometimes the CA may provide a separate file containing the intermediate trusted CA certificate chain.

But more often the chain is already included in the server certificate file here.

We leave it blank for this example since we don’t have any.
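
Before pasting a key and certificate into the fields above, it helps to confirm locally that the two belong together, that the certificate covers the domain, and whether the file already bundles a chain. The script below is an added example, not part of the original article or of OpenResty Edge; it assumes the `openssl` command-line tool is installed, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: local pre-upload checks for a PEM key/certificate pair.
# Assumes the openssl CLI; function names are illustrative, not an Edge API.

# Number of certificates in a PEM file: 1 = server cert only, >1 = chain bundled.
cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Succeeds only if the private key and the first certificate in the file
# carry the same public key. An empty -passin makes an encrypted key fail
# instead of prompting for a passphrase.
key_matches_cert() {
    local key=$1 cert=$2 kpub cpub
    kpub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    [ "$kpub" = "$cpub" ]
}

# Succeeds if the certificate is still valid N days from now (default 30).
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Succeeds if the certificate covers the host name (SAN, or CN when no SAN).
covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# usage: preflight KEY.pem CERT.pem HOSTNAME
preflight() {
    key_matches_cert "$1" "$2" || { echo "key does not match certificate"; return 1; }
    valid_for_days "$2" 30     || { echo "certificate expires within 30 days"; return 1; }
    covers_host "$2" "$3"      || { echo "certificate does not cover $3"; return 1; }
    echo "ok: $(cert_count "$2") certificate(s) in file"
}

# Run the checks when the script is called with three arguments.
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A count greater than one means the chain is already bundled in the certificate file, so the separate chain field can stay blank.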

Save our certificate and key pair.

We can see the record for our newly created certificate and key pair.

The certificate issuing source is manual upload.

And the certificate is for a single domain, test-edge.com.

And it will expire in about a year.

We can see the exact expiration time by hovering the mouse over it.

We can also edit an existing certificate.

We don’t make any changes here.

Or we can delete this certificate.

We don’t want to delete it now.

We can also disable a certificate without removing it.

We need to make a new release to push out our new certificate, as always.

Click on this button.

Ship it!

It is done now!

Now the new certificate has been pushed to all the gateway clusters and servers.

Our configuration changes do NOT require server reload, restart, or binary upgrade. So it’s very efficient and scalable.

Then we can pick a gateway cluster server to test our new certificate.

We choose a gateway server here near San Francisco.

Copy its public IP address ending with 133.

On the terminal, we can send an HTTPS request to this gateway server.

curl -I --resolve 'test-edge.com:443:138.68.231.133' https://test-edge.com/

It works!

We can check more details like the certificate information via the -v option.

curl -I --resolve 'test-edge.com:443:138.68.231.133' https://test-edge.com/ -v 2>&1 | less -n

We can indeed see our server certificate here.

SSL certificate uploading can also be automated by OpenResty Edge’s REST API. We will demonstrate it in another video.

This is what I’d love to cover today.

If you like this tutorial, please subscribe to this blog site and/or our Vimeo account and/or our YouTube channel. Thank you!

About This Article and Associated Video

This article and its associated video are both generated automatically by our OpenResty Showman product from a simple screenplay file.

About The Author

Yichun Zhang is the creator of the OpenResty® open source project. He is also the founder and CEO of the OpenResty Inc. company. He contributed a dozen open source Nginx 3rd-party modules, quite some Nginx and LuaJIT core patches, and designed products like OpenResty Edge, OpenResty XRay, and OpenResty Showman.

Translations

We provide the Chinese translation for this article on blog.openresty.com.cn. We welcome interested readers to contribute translations in other natural languages as long as the full article is translated without any omissions. We thank them in advance.
