How to configure Apache APISIX with RSA & ECC dual certificates for the same domain?

Question

I am configuring a certificate for my domain on APISIX and I would like to know how to configure both types of certificates?

Answer 1

APISIX supports loading multiple SSL certificates by TLS extension Server Name Indication (SNI). You can use the APISIX Admin API for SSL to create SSL objects in APISIX. And as the documentation quotes:

Multiple certificates for a single domain:

If you want to configure multiple certificates for a single domain, for instance, supporting both the ECC and RSA key-exchange algorithm, then just configure the extra certificates (the first certificate and private key should be still put in cert and key) and private keys by certs and keys.

• certs: PEM-encoded certificate array.
• keys: PEM-encoded private key array.

APISIX will pair the certificate and private key with the same indices as an SSL key pair. So the length of certs and keys must be the same.

So to configure Apache APISIX with RSA & ECC dual certificates for the same domain, you would have to do something like this:

curl -X PUT "127.0.0.1:9180/apisix/admin/ssls/1" \
-H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -d 
'{
    "cert": "certificate",
    "key": "key",
    "snis": [...],
    "certs": [...], <- extra certificates
    "keys": [...],  <- extra keys
}'