HTTPS
APISIX supports to load multiple SSL certificates by TLS extension Server Name Indication (SNI).
Single SNI#
It is most common for an SSL certificate to contain only one domain. We can create an ssl object. Here is a simple case, creates a ssl object and route object.
cert: PEM-encoded public certificate of the SSL key pair.key: PEM-encoded private key of the SSL key pair.snis: Hostname(s) to associate with this certificate as SNIs. To set this attribute this certificate must have a valid private key associated with it.
We will use the Python script below to simplify the example:
wildcard SNI#
Sometimes, one SSL certificate may contain a wildcard domain like *.test.com,
that means it can accept more than one domain, eg: www.test.com or mail.test.com.
Here is an example, note that the value we pass as sni is *.test.com.
multiple domain#
If your SSL certificate may contain more than one domain, like www.test.com
and mail.test.com, then you can add them into the snis array. For example:
multiple certificates for a single domain#
If you want to configure multiple certificate for a single domain, for
instance, supporting both the
ECC
and RSA key-exchange algorithm, then just configure the extra certificates (the
first certificate and private key should be still put in cert and key) and
private keys by certs and keys.
certs: PEM-encoded certificate array.keys: PEM-encoded private key array.
APISIX will pair certificate and private key with the same indice as a SSL key
pair. So the length of certs and keys must be same.