Add Certificate Authorities - Plugin - v3.7.x

古いプラグインバージョンのドキュメントを閲覧しています。

To use this plugin, you must add certificate authority (CA) certificates. These are stored in a separate ca_certificates store rather than the main certificates store because they do not require private keys. To add one, obtain a PEM-encoded copy of your CA certificate and POST it to /ca_certificates:

Kong Admin API

Konnect

curl -X POST https://localhost:8001/ca_certificates \
  -F cert=@cert.pem

The response will contain an id value that can now be used for the mTLS plugin configurations or consumer mappings:

{
  "tags": null,
  "created_at": 1566597621,
  "cert": "-----BEGIN CERTIFICATE-----\FullPEMOmittedForBrevity==\n-----END CERTIFICATE-----\n",
  "id": "322dce96-d434-4e0d-9038-311b3520f0a3"
}

Go through the Gateway Manager:

In Konnect, click Gateway Manager.
Select the control plane you want to add the CA certificate to.
Click Certificates.
Select the CA Certificates tab.
Click + Add CA Certificate
Copy and paste your certificate information and click Save.

You can view your certificate listed in the Certificates tab.

To add a certificate via curl, you need:

Konnect control plane ID
A personal access token

curl -X POST https://konnect.konghq.com/api/control_planes/{controlPlaneID}/ca_certificates \
  -F cert=@testCACert.pem \
  --header "Authorization: Bearer TOKEN"

The id value returned can now be used for mTLS plugin configurations or consumer mappings.

前へ Mutual TLS Authenticationの基本構成例

次へ Manual Mappings Between Certificate and Consumer Objects