Configure egress certificates

Users within an enrollment can access the Egress certificates page under the Networking section of Control Panel to create and manage custom certificates for use within an enrollment.

Certificates establish trust between systems when initiating a connection by verifying their identities. Configured certificates can be applied to Data connection sources using a Foundry worker to establish a secure connection.

Two types of certificates can be configured:

  • Client certificate: Contains both a public certificate and a private key and allows Foundry to authenticate itself when connecting to external systems that require mutual TLS (mTLS) authentication.
  • Server certificate: Public certificate that allows Foundry to verify the identity of external systems using certificates signed by private Certificate Authorities (CAs). Server certificates are organized into bundles, allowing multiple related certificates to be grouped together.

Configure client certificates

Navigate to the Client certificates tab and select Create client certificate.

  1. Provide a certificate alias to identify your certificate.
  2. Add your client certificate in PEM format. Any intermediate certificates required to chain it back to its issuing CA must also be added.
  3. Add the corresponding private key in PEM format (PKCS#8 or RSA). Ensure this is the exact private key matching your certificate. Private keys are securely encrypted and stored in Foundry once uploaded.
  4. Configure who has access to read, import, and manage your certificate.

Configure server certificate bundles

Navigate to the Server certificate bundles tab and select Create server certificate bundle.

  1. Provide a name to identify your certificate bundle.
  2. Add your server certificates in PEM format. Each server certificate requires an alias. You can assign any number of server certificates to a bundle.
  3. Configure who has access to read, import, and manage your certificate bundle.
