Certificates
All generated and imported certificates are listed in the https://otoroshi.xxxx/bo/dashboard/certificates
page. All those certificates can be used to serve traffic with TLS, perform mTLS calls, sign and verify JWT tokens.
The available actions are:
Add item
: redirects the user to the certificate creation page. It’s useful when you already have a certificate (like a pem file) and want to load it into Otoroshi.
Let's Encrypt certificate
: requests a certificate matching a given host from Let’s Encrypt
Create certificate
: issues a certificate with an existing Otoroshi certificate as CA.
Import .p12 file
: loads a p12 file as a certificate
Add item
Id
: the generated unique id of the certificate
Name
: the name of the certificate
Description
: the description of the certificate
Auto renew cert.
: the certificate will be reissued when it expires. Only works with a CA from Otoroshi and a known private key
Client cert.
: the generated certificate will be used to authenticate a client to a server
Keypair
: the certificate entity will be a pair of public key and private key.
Public key exposed
: if true, the public key will be exposed on http://otoroshi-api.your-domain/.well-known/jwks.json
Certificate status
: the current status of the certificate. It can be valid if the certificate is not revoked and not expired, or equal to the reason of the revocation
Certificate full chain
: list of certificates used to authenticate a client or a server
Certificate private key
: the private key of the certificate, or nothing if wanted. You can omit it if you just want to add a certificate full chain in order to trust it.
Private key password
: the password to protect the private key
Certificate tags
: the tags attached to the certificate
Certificate metadata
: the metadata attached to the certificate
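The Public key exposed option above publishes key material as a JWKS document, so it is worth checking that only public members end up there. The following Python check is an added example, not Otoroshi code: `audit_jwks`, `SAMPLE_JWKS` and the 2048-bit RSA threshold are assumptions, and the sample document is constructed with dummy values rather than taken from a real Otoroshi instance.

```python
import base64
import json

# Private/secret JWK members per RFC 7518 (RSA, EC, oct) and RFC 8037 (OKP).
PRIVATE_MEMBERS = {
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "EC": {"d"},
    "OKP": {"d"},
    "oct": {"k"},
}

def b64url_to_int(value):
    """Decode an unpadded base64url big-endian integer (JWK 'n' or 'e')."""
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    return int.from_bytes(raw, "big")

def audit_jwks(document, min_rsa_bits=2048):
    """Return (kid, finding) tuples for keys that should not be published as-is."""
    findings = []
    for key in json.loads(document).get("keys", []):
        kid = key.get("kid", "<no kid>")
        kty = key.get("kty")
        if kty not in PRIVATE_MEMBERS:
            findings.append((kid, f"unknown kty {kty!r}"))
            continue
        leaked = sorted(PRIVATE_MEMBERS[kty].intersection(key))
        if leaked:
            findings.append((kid, "private members present: " + ",".join(leaked)))
        if kty == "RSA" and "n" in key:
            bits = b64url_to_int(key["n"]).bit_length()
            if bits < min_rsa_bits:
                findings.append((kid, f"RSA modulus is only {bits} bits"))
    return findings

def _enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample JWKS (dummy key values, hypothetical kids).
SAMPLE_JWKS = json.dumps({"keys": [
    {"kid": "ok-rsa", "kty": "RSA", "e": "AQAB", "n": _enc(b"\xc3" + b"\x01" * 255)},
    {"kid": "short-rsa", "kty": "RSA", "e": "AQAB", "n": _enc(b"\xc3" + b"\x01" * 127)},
    {"kid": "leaky-ec", "kty": "EC", "crv": "P-256", "x": "AA", "y": "AA", "d": "AA"},
]})

if __name__ == "__main__":
    for kid, finding in audit_jwks(SAMPLE_JWKS):
        print(kid, "->", finding)
```

To audit a live instance, pass the body fetched from the `.well-known/jwks.json` URL to `audit_jwks` instead of the sample.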
Let’s Encrypt certificate
Let's Encrypt
: if enabled, the certificate will be generated by Let’s Encrypt. If disabled, the user will be redirected to the Create certificate page
Host
: the host sent to Let’s Encrypt to issue the certificate
Create certificate view
Issuer
: the CA used to sign your certificate
CA certificate
: if enabled, the certificate will be used as an authority certificate. Once generated, it will be used as a CA to sign new certificates
Let's Encrypt
: redirects to the Let’s Encrypt page to request a certificate
Client certificate
: the generated certificate will be used to authenticate a client to a server
Include A.I.A
: include authority information access URLs in the certificate
Key Type
: the type of the private key
Key Size
: the size of the private key
Signature Algorithm
: the signature algorithm used to sign the certificate
Digest Algorithm
: the digest algorithm used
Validity
: how long your certificate will be valid
Subject DN
: the subject DN of your certificate
Hosts
: the hosts of your certificate