test/apisix
1
0
Fork 0
mirror of https://gitee.com/iresty/apisix.git synced 2024-12-02 20:17:35 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
3ccc5b8b82
apisix/docs/en/latest/mtls.md
罗泽轩 c3e03bb44a
docs: fix mtls example (#3850) 
Signed-off-by: spacewander <spacewanderlzx@gmail.com>
2021-03-18 09:05:38 +08:00

2.1 KiB
Raw Blame History

title
Mutual TLS authentication for Admin API

Why use it

Mutual TLS authentication provides a better way to prevent unauthorized access to APISIX.

The clients will provide their certificates to the server and the server will check whether the cert is signed by the supplied CA and decide whether to serve the request.

How to enable

  1. Generate self-signed key pairs, including ca, server, client key pairs.

  2. Modify configuration items in conf/config.yaml:

  port_admin: 9180
  https_admin: true

  admin_api_mtls:
    admin_ssl_ca_cert: "/data/certs/mtls_ca.crt"              # Path of your self-signed ca cert.
    admin_ssl_cert: "/data/certs/mtls_server.crt"             # Path of your self-signed server side cert.
    admin_ssl_cert_key: "/data/certs/mtls_server.key"         # Path of your self-signed server side key.
  1. Run command:
apisix init
apisix reload

How client calls

Please replace the following certificate paths and domain name with your real ones.

  • Note: The same CA certificate as the server needs to be used *
curl --cacert /data/certs/mtls_ca.crt --key /data/certs/mtls_client.key --cert /data/certs/mtls_client.crt  https://admin.apisix.dev:9180/apisix/admin/routes -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1'