HTTPS Cert Management

Kato currently supports server-side certificate management for configuring HTTPS access policies.

Prerequisites

  1. Purchase or self-issue a certificate for a specified domain name. The certificate must be a type supported by nginx.

Operating Procedures

  1. Open the Team View/Gateway/Certificate Management page. The page lists the added certificates, the expiration time of each certificate, and the issuing domain name.
  2. Click Add Certificate, upload the purchased or issued certificate, and confirm the addition.
  3. Enter access policy management and, when adding an access policy, select the certificate added in the previous step in the advanced routing parameters to complete the policy addition. Note that the domain name of the policy must match the domain name the certificate was issued for.
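
The domain-match requirement in step 3 can be checked before a certificate is bound to a policy. The following is an added example, not Kato code: it applies the usual TLS hostname rules (a wildcard covers exactly one left-most label) to the certificate names and expiration time shown on the Certificate Management page. The function names, the 14-day warning window and the sample data are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def name_matches(cert_name: str, host: str) -> bool:
    """RFC 6125-style match: '*' is accepted only as the whole left-most
    label and stands for exactly one label of the host name."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels) or "" in host_labels:
        return False
    if cert_labels[0] == "*":
        # Require at least two fixed labels so '*.com' never matches.
        return len(cert_labels) >= 3 and cert_labels[1:] == host_labels[1:]
    # Partial or non-left-most wildcards are rejected outright.
    return "*" not in cert_name and cert_labels == host_labels

def check_policy(policy_domain, cert, now, min_days_left=14):
    """Return the problems found when binding `cert` to `policy_domain`.
    min_days_left is an assumed warning window, not a Kato setting."""
    problems = []
    if not any(name_matches(n, policy_domain) for n in cert["names"]):
        problems.append("domain not covered by certificate")
    if cert["not_after"] <= now:
        problems.append("certificate expired")
    elif cert["not_after"] - now < timedelta(days=min_days_left):
        problems.append("certificate expires soon")
    return problems

# Constructed sample data: names and expiry as they would be read off the
# Certificate Management page for one uploaded certificate.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
CERT = {
    "names": ["*.apps.example.com", "example.com"],
    "not_after": datetime(2024, 1, 10, tzinfo=timezone.utc),
}

if __name__ == "__main__":
    for domain in ("shop.apps.example.com", "a.b.apps.example.com",
                   "apps.example.com"):
        print(domain, check_policy(domain, CERT, NOW) or "ok")
```

A policy for apps.example.com or a.b.apps.example.com is not covered by *.apps.example.com, which is the most common cause of a mismatch warning after the policy is saved.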

Automatic HTTPS Certificate Issuance

Features:

  • Automatically apply for a certificate
  • Automatic renewal upon expiry
  • DingTalk/Slack notification of the application status

Configure the Kato Console Configuration File

  • Enterprise View > Settings > Automatic Certificate Issuance > Configure Certificate
{
    "aliyun_virginia":{
        "provider":"alidns",
        "env":{
            "ALICLOUD_POLLING_INTERVAL":"2",
            "ALICLOUD_SECRET_KEY":"ali sk",
            "ALICLOUD_PROPAGATION_TIMEOUT":"300",
            "ALICLOUD_ACCESS_KEY":"ali ak"
        }
    }
}
# Multiple provider entries are separated by commas.

Install the Certificate Issuance Controller

  • Install the certificate issuance controller from the Kato community open source store

    Create components based on the application market

  • Installation environment variable description:

KATO_OPENAPI_URL    Required. Kato console access address.
KATO_API_KEY        Required. Kato OpenAPI key; add one under Personal Center > Access Token > Add.
ACME_EMAIL          Let's Encrypt email.
ACME_KEY_TYPE       Optional. The default is RSA4096.
ACME_DIR_URL        Optional. The default is https://acme-v02.api.letsencrypt.org/directory
ACME_STORAGE_PATH   Optional. Used to store certification information. The default is /opt/kato-cert-controller/storage
DINGTALK_AK         Optional. Used for DingTalk notification.
DINGTALK_SK         Optional. Used for DingTalk notification.
  • Modify the required environment variables after completion.

Use the Certificate Issuance Controller