Stream动态证书
1.功能说明
本模块支持stream块的server,通过API接口动态添加,删除各类型的SSL证书,包括ECC,RSA,国密或者其他类型。
2.依赖模块
动态SSL功能依赖模块:
njet.conf:
load_module modules/njt_http_kv_module.so;
load_module modules/njt_stream_dyn_ssl_module.so;
njet_ctrl.conf:
load_module modules/njt_http_sendmsg_module.so;
load_module modules/njt_stream_ssl_api_module.so;
3.配置示例
3.1 数据面配置
njet.conf配置文件
注意配置文件中需要修改so路径,log路径,替换ssl证书
load_module modules/njt_http_kv_module.so;
load_module modules/njt_stream_dyn_ssl_module.so;
helper broker modules/njt_helper_broker_module.so conf/mqtt.conf;
helper ctrl modules/njt_helper_ctrl_module.so conf/ctrl.conf;
worker_processes 1;
events {
worker_connections 1024;
}
cluster_name helper;
node_name node1;
http {
access_log logs/access.log combined;
dyn_kv_conf conf/iot-work.conf;
upstream demo {
zone demo 128k;
server 192.168.40.141:8080;
keepalive 10240;
}
server {
listen 443 ssl;
# ECC 证书(可选)
ssl_certificate certs/server.crt;
ssl_certificate_key certs/server.key;
location / {
return 200 "njet ntls test OK, ssl_protocol is $ssl_protocol (NTLSv1.1 表示国密,其他表示国际)";
}
}
}
stream {
server {
listen 22224 ssl;
server_name dev.test.com;
ssl_certificate certs/ca/ECC/ecc-root_cert.pem;
ssl_certificate_key certs/ca/ECC/ecc-root_private_key.pem;
return "22224 ssl ok";
}
}
3.2 控制面配置说明
njet_ctrl.conf
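注意:需要根据实际环境修改配置文件中的so路径、log路径,并替换ssl证书。下面的示例中 listen 8081 监听所有地址、使用明文HTTP且未配置认证,而添加证书的PUT请求体中包含私钥;生产环境应将该端口限制在本机或管理网络(例如 listen 127.0.0.1:8081;),并启用TLS和访问控制。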
load_module modules/njt_http_sendmsg_module.so;
load_module modules/njt_stream_ssl_api_module.so; #加载ssl api
events {
worker_connections 1024;
}
error_log logs/error_ctrl.log info;
http {
dyn_sendmsg_conf conf/iot-ctrl.conf;
access_log logs/access_ctrl.log combined;
include mime.types;
server {
listen 8081;
location /api {
dyn_module_api; #开启ssl动态配置
}
}
}
cluster_name helper;
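node_name node1;
该模块支持ACL控制,配置参考如下。注意:limit_except GET 只对GET以外的方法要求认证,GET查询仍然无需认证;而查询结果会返回以 data: 方式动态添加的证书的 certificateKey 内容(见5.3的查询结果),因此还应对GET请求做认证或限制来源地址。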
load_module modules/njt_http_sendmsg_module.so;
load_module modules/njt_stream_ssl_api_module.so; #加载ssl api
events {
worker_connections 1024;
}
error_log logs/error_ctrl.log info;
http {
dyn_sendmsg_conf conf/iot-ctrl.conf;
access_log logs/access_ctrl.log combined;
include mime.types;
server {
listen 8081;
location /api {
dyn_module_api;
limit_except GET {
auth_basic "NJET API";
auth_basic_user_file /etc/njet/htpasswd;
}
}
}
}
cluster_name helper;
node_name node1;
5.调用样例
5.1 API说明
查询:
GET http://ip+port/api/v1/stream_ssl
添加/删除:
PUT http://ip+port/api/v1/stream_ssl
5.2 查询stream server ssl 当前配置
请求
curl -v -X GET http://192.168.40.119:8081/api/v1/stream_ssl
返回值
* Connected to 192.168.40.119 (192.168.40.119) port 8081
> GET /api/v1/stream_ssl HTTP/1.1
> Host: 192.168.40.119:8081
> User-Agent: curl/8.2.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: njet/3.3.1.1
< Date: Wed, 15 Oct 2025 03:33:14 GMT
< Content-Type: application/json
< Content-Length: 269
< Connection: keep-alive
<
{ [269 bytes data]
100 269 100 269 0 0 4521 0 --:--:-- --:--:-- --:--:-- 4483
* Connection #0 to host 192.168.40.119 left intact
{
"servers": [
{
"listens": [
"0.0.0.0:22224"
],
"serverNames": [
""
],
"certificates": [
{
"cert_type": "ecc",
"certificate": "certs/ca/ECC/ecc-root_cert.pem",
"certificateKey": "certs/ca/ECC/ecc-root_private_key.pem"
}
]
}
]
}
5.3 新增stream server ssl国密证书并访问
**前提:需要在静态配置文件中配置指令 ssl_ntls on;**
示例中的证书和私钥仅用于演示,已随文档公开,实际部署时请替换为自己签发的证书和私钥。
curl -X PUT http://127.0.0.1:8081/api/v1/stream_ssl -d'
{
"listens": [
"0.0.0.0:22224"
],
"serverNames": [
""
],
"type": "add",
"cert_info": {
"cert_type": "ntls",
"certificate": "data:-----BEGIN CERTIFICATE-----\r\nMIIB3zCCAYWgAwIBAgIBATAKBggqgRzPVQGDdTBLMQswCQYDVQQGEwJBQTELMAkG\r\nA1UECAwCQkIxCzAJBgNVBAoMAkNDMQswCQYDVQQLDAJERDEVMBMGA1UEAwwMZGV2\r\nLnRlc3QuY29tMB4XDTI0MDkyMzAyMDcxN1oXDTM0MDkyMTAyMDcxN1owSzELMAkG\r\nA1UEBhMCQUExCzAJBgNVBAgMAkJCMQswCQYDVQQKDAJDQzELMAkGA1UECwwCREQx\r\nFTATBgNVBAMMDGRldi50ZXN0LmNvbTBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IA\r\nBKbuJ+paAmrrYkSMZfVf26U3z2WRsx9ypA1IqvOMmdRf/rmuIeIXAtq+k1Y6i9lN\r\nJUlh2+JQI3eqBr17pOXKmCyjWjBYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgbAMB0G\r\nA1UdDgQWBBRbz5pK7DIv4dk+BxrQBEqKjyMXoTAfBgNVHSMEGDAWgBRs8E9SbP7h\r\nYXIhvYjfWslWaNJT6TAKBggqgRzPVQGDdQNIADBFAiEAqudnZOIoTSGIKcidhNAo\r\nbORmYJf6t9L7yJ7IqXnTgpACIF8ScmcmXFJhemvRVWcgjD327MRclFvtF1zD+cD7\r\ncJk5\r\n-----END CERTIFICATE-----\r\n",
"certificateKey": "data:-----BEGIN PRIVATE KEY-----\r\nMIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQg1ev1Np2CFUoHbxE2\r\nnGsXyxfKezmYId/FlKtospIq1KChRANCAASm7ifqWgJq62JEjGX1X9ulN89lkbMf\r\ncqQNSKrzjJnUX/65riHiFwLavpNWOovZTSVJYdviUCN3qga9e6Tlypgs\r\n-----END PRIVATE KEY-----\r\n",
"certificateEnc": "data:-----BEGIN CERTIFICATE-----\r\nMIIB4DCCAYWgAwIBAgIBAjAKBggqgRzPVQGDdTBLMQswCQYDVQQGEwJBQTELMAkG\r\nA1UECAwCQkIxCzAJBgNVBAoMAkNDMQswCQYDVQQLDAJERDEVMBMGA1UEAwwMZGV2\r\nLnRlc3QuY29tMB4XDTI0MDkyMzAyMDcxN1oXDTM0MDkyMTAyMDcxN1owSzELMAkG\r\nA1UEBhMCQUExCzAJBgNVBAgMAkJCMQswCQYDVQQKDAJDQzELMAkGA1UECwwCREQx\r\nFTATBgNVBAMMDGRldi50ZXN0LmNvbTBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IA\r\nBBW4tCnAleXG+s3DRcRJUl94DW3+WpsGIxW+6jZKStQ2w6uVs0Zfpz0fvRZA7xDQ\r\nsG73PwDde68qtq3dZu+ulnGjWjBYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgM4MB0G\r\nA1UdDgQWBBSvkXE4GSFVR4Is8Fw0BKo5fqIkGzAfBgNVHSMEGDAWgBRs8E9SbP7h\r\nYXIhvYjfWslWaNJT6TAKBggqgRzPVQGDdQNJADBGAiEAkXhKWZEYWuB2Aq0XZAYZ\r\nfHOXggK7Gplf+lTPzF2q1ugCIQDUPHl1qdjXJnuY/mv4POLlYr3m8cm05WugJPKL\r\nPXr2Sg==\r\n-----END CERTIFICATE-----\r\n",
"certificateKeyEnc": "data:-----BEGIN PRIVATE KEY-----\r\nMIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgHE+sUHvFuO9F3Eeg\r\ny1hbTADkrm4vA+Nz5fat8H+/dg6hRANCAAQVuLQpwJXlxvrNw0XESVJfeA1t/lqb\r\nBiMVvuo2SkrUNsOrlbNGX6c9H70WQO8Q0LBu9z8A3XuvKrat3WbvrpZx\r\n-----END PRIVATE KEY-----\r\n"
}
}'
使用GET请求查询stream server ssl 当前配置
{
"servers": [
{
"listens": [
"0.0.0.0:22224"
],
"serverNames": [
""
],
"certificates": [
{
"cert_type": "ecc",
"certificate": "certs/ca/ECC/ecc-root_cert.pem",
"certificateKey": "certs/ca/ECC/ecc-root_private_key.pem"
},
{
"cert_type": "ntls",
"certificate": "data:-----BEGIN CERTIFICATE-----\r\nMIIB3zCCAYWgAwIBAgIBATAKBggqgRzPVQGDdTBLMQswCQYDVQQGEwJBQTELMAkG\r\nA1UECAwCQkIxCzAJBgNVBAoMAkNDMQswCQYDVQQLDAJERDEVMBMGA1UEAwwMZGV2\r\nLnRlc3QuY29tMB4XDTI0MDkyMzAyMDcxN1oXDTM0MDkyMTAyMDcxN1owSzELMAkG\r\nA1UEBhMCQUExCzAJBgNVBAgMAkJCMQswCQYDVQQKDAJDQzELMAkGA1UECwwCREQx\r\nFTATBgNVBAMMDGRldi50ZXN0LmNvbTBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IA\r\nBKbuJ+paAmrrYkSMZfVf26U3z2WRsx9ypA1IqvOMmdRf/rmuIeIXAtq+k1Y6i9lN\r\nJUlh2+JQI3eqBr17pOXKmCyjWjBYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgbAMB0G\r\nA1UdDgQWBBRbz5pK7DIv4dk+BxrQBEqKjyMXoTAfBgNVHSMEGDAWgBRs8E9SbP7h\r\nYXIhvYjfWslWaNJT6TAKBggqgRzPVQGDdQNIADBFAiEAqudnZOIoTSGIKcidhNAo\r\nbORmYJf6t9L7yJ7IqXnTgpACIF8ScmcmXFJhemvRVWcgjD327MRclFvtF1zD+cD7\r\ncJk5\r\n-----END CERTIFICATE-----\r\n",
"certificateKey": "data:-----BEGIN PRIVATE KEY-----\r\nMIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQg1ev1Np2CFUoHbxE2\r\nnGsXyxfKezmYId/FlKtospIq1KChRANCAASm7ifqWgJq62JEjGX1X9ulN89lkbMf\r\ncqQNSKrzjJnUX/65riHiFwLavpNWOovZTSVJYdviUCN3qga9e6Tlypgs\r\n-----END PRIVATE KEY-----\r\n",
"certificateEnc": "data:-----BEGIN CERTIFICATE-----\r\nMIIB4DCCAYWgAwIBAgIBAjAKBggqgRzPVQGDdTBLMQswCQYDVQQGEwJBQTELMAkG\r\nA1UECAwCQkIxCzAJBgNVBAoMAkNDMQswCQYDVQQLDAJERDEVMBMGA1UEAwwMZGV2\r\nLnRlc3QuY29tMB4XDTI0MDkyMzAyMDcxN1oXDTM0MDkyMTAyMDcxN1owSzELMAkG\r\nA1UEBhMCQUExCzAJBgNVBAgMAkJCMQswCQYDVQQKDAJDQzELMAkGA1UECwwCREQx\r\nFTATBgNVBAMMDGRldi50ZXN0LmNvbTBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IA\r\nBBW4tCnAleXG+s3DRcRJUl94DW3+WpsGIxW+6jZKStQ2w6uVs0Zfpz0fvRZA7xDQ\r\nsG73PwDde68qtq3dZu+ulnGjWjBYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgM4MB0G\r\nA1UdDgQWBBSvkXE4GSFVR4Is8Fw0BKo5fqIkGzAfBgNVHSMEGDAWgBRs8E9SbP7h\r\nYXIhvYjfWslWaNJT6TAKBggqgRzPVQGDdQNJADBGAiEAkXhKWZEYWuB2Aq0XZAYZ\r\nfHOXggK7Gplf+lTPzF2q1ugCIQDUPHl1qdjXJnuY/mv4POLlYr3m8cm05WugJPKL\r\nPXr2Sg==\r\n-----END CERTIFICATE-----\r\n",
"certificateKeyEnc": "data:-----BEGIN PRIVATE KEY-----\r\nMIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgHE+sUHvFuO9F3Eeg\r\ny1hbTADkrm4vA+Nz5fat8H+/dg6hRANCAAQVuLQpwJXlxvrNw0XESVJfeA1t/lqb\r\nBiMVvuo2SkrUNsOrlbNGX6c9H70WQO8Q0LBu9z8A3XuvKrat3WbvrpZx\r\n-----END PRIVATE KEY-----\r\n"
}
]
}
]
}
使用gmcurl指定对应ca证书访问server,确认证书生效
gmcurl --http0.9 --gmssl --cacert certs/ca/NTLS/ntls/ca.crt --resolve dev.test.com:22224:192.168.40.119 https://dev.test.com:22224/
GM Version: 1.0.1 Ported by www.gmssl.cn
GM options:
--gmssl, use TLCP protocol
--cert, use sm2 sig pem cert
--key, use sm2 sig pem key
--cert2, use sm2 enc pem cert
--key2, use sm2 enc pem key
22224 ssl ok
5.4 新增stream server ssl RSA证书并访问
curl -X PUT http://127.0.0.1:8081/api/v1/stream_ssl -d'{
"listens": [
"0.0.0.0:22224"
],
"serverNames": [
""
],
"type": "add",
"cert_info": {
"cert_type": "rsa",
"certificate": "data:-----BEGIN CERTIFICATE-----\r\nMIIDdjCCAl6gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCQ04x\r\nEDAOBgNVBAcMB0JlaWppbmcxDTALBgNVBAoMBHRlc3QxETAPBgNVBAsMCFBlcnNv\r\nbmFsMRUwEwYDVQQDDAxkZXYudGVzdC5jb20wIBcNMjUwOTIyMDgwNDAyWhgPMjEy\r\nNTA4MjkwODA0MDJaMEYxCzAJBgNVBAYTAkNOMQ0wCwYDVQQKDAR0ZXN0MREwDwYD\r\nVQQLDAhQZXJzb25hbDEVMBMGA1UEAwwMZGV2LnRlc3QuY29tMIIBIjANBgkqhkiG\r\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2vJ6qwvbGZqesp+NdXRAhYxfCjAnWxzE7Hv\r\nqHMlQ5+Q2DSBy3v4SGIGVaANuc8qzjb7bBJXljKttfXKNHXhnE/ApNB+last3cI8\r\nuZ08i6bBc2+MehGm/8Q54Z89fbU0VOVw7P4SRGV+uBzX3ZJymR9vU2/LoR2Ap5ZL\r\npt+r1p9iZU5oDz7Ih3gktcMuEm1AtWYui0j86W7TraGlvGe8iRkrrWYozynJpiLi\r\n8TIkal/1GJg7agcSnFlv0UzRQ+a0lMDh3tPCByNCEMuO86V3s5RkIPZabcvWO/yY\r\n/wGSJ24kaqFr25j88u+NdDPdgr3/ZgYu72DgffXk2R20TVXoWwIDAQABo1owWDAJ\r\nBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUWda7VLj/rkBbMa0Nqi3i\r\nNTrcOMEwHwYDVR0jBBgwFoAUcujGKYB7oCPIRkP+ZCPx35RLakMwDQYJKoZIhvcN\r\nAQELBQADggEBAHCdCrXTU+++pVqxiRZlqHcY25n8K4hAIv4wxO6eLkKSbdSXOjFD\r\nTon00K0ygfFpJnaqnGXlbCRya9uxL+QmoYBf3VFZ9EAGpdrid29OidvZTxcKi8oC\r\nPJRugXuaz3v+1h+LuknOrTWC38IaVnsy1WX9BO5eMb+73TduzO8ASlibkltByWzI\r\nscb0emp4EKX62D1UHl2IUT8PXDqWr/6qtz8mASVVQ+5xZnNFZCUzP7osICwZy0hP\r\nkq7UTm4Kb1N1Vo5YK8JJ57hDw1SeN1CMAbgvucf9XxJ9OlICvMUMmzz/Q6VCnDy5\r\nCDpTAohBxUtxc6VLRpmxEU+BJCs/0CkZ17M=\r\n-----END CERTIFICATE-----\r\n",
"certificateKey": "data:-----BEGIN PRIVATE KEY-----\r\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/a8nqrC9sZmp6\r\nyn411dECFjF8KMCdbHMTse+ocyVDn5DYNIHLe/hIYgZVoA25zyrONvtsEleWMq21\r\n9co0deGcT8Ck0H6Vqy3dwjy5nTyLpsFzb4x6Eab/xDnhnz19tTRU5XDs/hJEZX64\r\nHNfdknKZH29Tb8uhHYCnlkum36vWn2JlTmgPPsiHeCS1wy4SbUC1Zi6LSPzpbtOt\r\noaW8Z7yJGSutZijPKcmmIuLxMiRqX/UYmDtqBxKcWW/RTNFD5rSUwOHe08IHI0IQ\r\ny47zpXezlGQg9lpty9Y7/Jj/AZInbiRqoWvbmPzy7410M92Cvf9mBi7vYOB99eTZ\r\nHbRNVehbAgMBAAECggEAD9BxjmAKoZ5VyQPg/hpGZIa9hdq+twLBAG014H51eKsT\r\nxgOTKY16C04rOc25nz0x9cwYZMBLLiR3siML695FSlWoaQq0j9w5iNWa5gwgdrp1\r\nxvn96rkknoLGnruPfUrdd5oRBJ36Ql5O5Bpglx9EinP3YuGckBimNVzhrnf8yVlH\r\n+ftj8v9zq5Dbb1RxoBHXk26E40AtN/eUpTpmVHJ/XtlM7L/zg7zwgPQaYdgauCb8\r\nrg403XNxFWweeyoDPtqEYHoucSiFdTWvwpluLBEMGmyq7wfVNs9e8pSiy2m+kxa6\r\nE+gQFKNe0+E+EH6Pud85vOPxZhpIiwGIRhpjm3S4AQKBgQDAF62GdBnlI0wpj7xG\r\nEd+nVuAd+zDll/PVIezpE2QqIERdaFpdXj6ydFtgYs/7pu5djrdNW5KSSIesqseW\r\ngwvz2Bra5pkqTnAQTJdcHpB0NWnsDVSNgzrBzZvIoc36gVw7onFf/H7yOCfPwxmY\r\n2d/wwF9XrSWU6BLVs5zDr5ekWwKBgQD/GuzFoNijYvL1g14AbDEh6AvnmJoQB7La\r\nQg3ueJb1To7e6Rq5KF3NA6KRIyQNK5KGGvXtRNSdqhVhR3/2O3/NmQzmlMv4nWVO\r\niCWZaRyB9yO88vyuMy4JIhGxjLnTiAALbOlEForFfz++vpRzMjEudlp3hsYdrUWt\r\nDcSxXD4MAQKBgB9q//+wt5eJqWhW0QVo4Pq+s9NThVDYBJKEhPouKMDXHDdm3PjO\r\ndFS9wUBHiRrw16XHtOVbJ+LzJ/WuzQwqDOdqHiJVexG3WI7h6BOyEBBhuBxapcyr\r\nfQ27slIjXMwvIkXCsOZxJtY5JxHNKD+eywjWfgGaGT58oq//O5GqA5RnAoGBALrK\r\niUIwA1CnXEUe+o6Oqe8szMK4v14rdO9RXIgXrllSO1THFHUtNHmwRrHFLFmkZPZi\r\n+V3Rf2kup9cCFpVCfdMaVRLlMvEItqwpDnblOyWCw51Pwmr/OJ8hXhlGdK6Jr5au\r\nGaNsahIwmYleXK54uwBNUvKgMaJ7REBxi2teomQBAoGABXxGQYkeQaKN9/CwOm8N\r\npervuCRAAJ5VZIAC69J1mYDp+nQHN/7QLBv7iqF4FnrPs+ebGkHjgjH7eG1q0X3s\r\nyEmSAmyfFeF4/ylCVhTKbUywebv4zXNqtpNchpe55QVcV/2Dld45QNCSXJf/PPwI\r\n9M2oSf34CLCOB48Mb4FrF3M=\r\n-----END PRIVATE KEY-----\r\n"
}
}'
查询更新结果
{
"servers": [
{
"listens": [
"0.0.0.0:22224"
],
"serverNames": [
""
],
"certificates": [
{
"cert_type": "ecc",
"certificate": "certs/ca/ECC/ecc-root_cert.pem",
"certificateKey": "certs/ca/ECC/ecc-root_private_key.pem"
},
{
"cert_type": "rsa",
"certificate": "data:-----BEGIN CERTIFICATE-----\r\nMIIDdjCCAl6gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCQ04x\r\nEDAOBgNVBAcMB0JlaWppbmcxDTALBgNVBAoMBHRlc3QxETAPBgNVBAsMCFBlcnNv\r\nbmFsMRUwEwYDVQQDDAxkZXYudGVzdC5jb20wIBcNMjUwOTIyMDgwNDAyWhgPMjEy\r\nNTA4MjkwODA0MDJaMEYxCzAJBgNVBAYTAkNOMQ0wCwYDVQQKDAR0ZXN0MREwDwYD\r\nVQQLDAhQZXJzb25hbDEVMBMGA1UEAwwMZGV2LnRlc3QuY29tMIIBIjANBgkqhkiG\r\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2vJ6qwvbGZqesp+NdXRAhYxfCjAnWxzE7Hv\r\nqHMlQ5+Q2DSBy3v4SGIGVaANuc8qzjb7bBJXljKttfXKNHXhnE/ApNB+last3cI8\r\nuZ08i6bBc2+MehGm/8Q54Z89fbU0VOVw7P4SRGV+uBzX3ZJymR9vU2/LoR2Ap5ZL\r\npt+r1p9iZU5oDz7Ih3gktcMuEm1AtWYui0j86W7TraGlvGe8iRkrrWYozynJpiLi\r\n8TIkal/1GJg7agcSnFlv0UzRQ+a0lMDh3tPCByNCEMuO86V3s5RkIPZabcvWO/yY\r\n/wGSJ24kaqFr25j88u+NdDPdgr3/ZgYu72DgffXk2R20TVXoWwIDAQABo1owWDAJ\r\nBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUWda7VLj/rkBbMa0Nqi3i\r\nNTrcOMEwHwYDVR0jBBgwFoAUcujGKYB7oCPIRkP+ZCPx35RLakMwDQYJKoZIhvcN\r\nAQELBQADggEBAHCdCrXTU+++pVqxiRZlqHcY25n8K4hAIv4wxO6eLkKSbdSXOjFD\r\nTon00K0ygfFpJnaqnGXlbCRya9uxL+QmoYBf3VFZ9EAGpdrid29OidvZTxcKi8oC\r\nPJRugXuaz3v+1h+LuknOrTWC38IaVnsy1WX9BO5eMb+73TduzO8ASlibkltByWzI\r\nscb0emp4EKX62D1UHl2IUT8PXDqWr/6qtz8mASVVQ+5xZnNFZCUzP7osICwZy0hP\r\nkq7UTm4Kb1N1Vo5YK8JJ57hDw1SeN1CMAbgvucf9XxJ9OlICvMUMmzz/Q6VCnDy5\r\nCDpTAohBxUtxc6VLRpmxEU+BJCs/0CkZ17M=\r\n-----END CERTIFICATE-----\r\n",
"certificateKey": "data:-----BEGIN PRIVATE KEY-----\r\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/a8nqrC9sZmp6\r\nyn411dECFjF8KMCdbHMTse+ocyVDn5DYNIHLe/hIYgZVoA25zyrONvtsEleWMq21\r\n9co0deGcT8Ck0H6Vqy3dwjy5nTyLpsFzb4x6Eab/xDnhnz19tTRU5XDs/hJEZX64\r\nHNfdknKZH29Tb8uhHYCnlkum36vWn2JlTmgPPsiHeCS1wy4SbUC1Zi6LSPzpbtOt\r\noaW8Z7yJGSutZijPKcmmIuLxMiRqX/UYmDtqBxKcWW/RTNFD5rSUwOHe08IHI0IQ\r\ny47zpXezlGQg9lpty9Y7/Jj/AZInbiRqoWvbmPzy7410M92Cvf9mBi7vYOB99eTZ\r\nHbRNVehbAgMBAAECggEAD9BxjmAKoZ5VyQPg/hpGZIa9hdq+twLBAG014H51eKsT\r\nxgOTKY16C04rOc25nz0x9cwYZMBLLiR3siML695FSlWoaQq0j9w5iNWa5gwgdrp1\r\nxvn96rkknoLGnruPfUrdd5oRBJ36Ql5O5Bpglx9EinP3YuGckBimNVzhrnf8yVlH\r\n+ftj8v9zq5Dbb1RxoBHXk26E40AtN/eUpTpmVHJ/XtlM7L/zg7zwgPQaYdgauCb8\r\nrg403XNxFWweeyoDPtqEYHoucSiFdTWvwpluLBEMGmyq7wfVNs9e8pSiy2m+kxa6\r\nE+gQFKNe0+E+EH6Pud85vOPxZhpIiwGIRhpjm3S4AQKBgQDAF62GdBnlI0wpj7xG\r\nEd+nVuAd+zDll/PVIezpE2QqIERdaFpdXj6ydFtgYs/7pu5djrdNW5KSSIesqseW\r\ngwvz2Bra5pkqTnAQTJdcHpB0NWnsDVSNgzrBzZvIoc36gVw7onFf/H7yOCfPwxmY\r\n2d/wwF9XrSWU6BLVs5zDr5ekWwKBgQD/GuzFoNijYvL1g14AbDEh6AvnmJoQB7La\r\nQg3ueJb1To7e6Rq5KF3NA6KRIyQNK5KGGvXtRNSdqhVhR3/2O3/NmQzmlMv4nWVO\r\niCWZaRyB9yO88vyuMy4JIhGxjLnTiAALbOlEForFfz++vpRzMjEudlp3hsYdrUWt\r\nDcSxXD4MAQKBgB9q//+wt5eJqWhW0QVo4Pq+s9NThVDYBJKEhPouKMDXHDdm3PjO\r\ndFS9wUBHiRrw16XHtOVbJ+LzJ/WuzQwqDOdqHiJVexG3WI7h6BOyEBBhuBxapcyr\r\nfQ27slIjXMwvIkXCsOZxJtY5JxHNKD+eywjWfgGaGT58oq//O5GqA5RnAoGBALrK\r\niUIwA1CnXEUe+o6Oqe8szMK4v14rdO9RXIgXrllSO1THFHUtNHmwRrHFLFmkZPZi\r\n+V3Rf2kup9cCFpVCfdMaVRLlMvEItqwpDnblOyWCw51Pwmr/OJ8hXhlGdK6Jr5au\r\nGaNsahIwmYleXK54uwBNUvKgMaJ7REBxi2teomQBAoGABXxGQYkeQaKN9/CwOm8N\r\npervuCRAAJ5VZIAC69J1mYDp+nQHN/7QLBv7iqF4FnrPs+ebGkHjgjH7eG1q0X3s\r\nyEmSAmyfFeF4/ylCVhTKbUywebv4zXNqtpNchpe55QVcV/2Dld45QNCSXJf/PPwI\r\n9M2oSf34CLCOB48Mb4FrF3M=\r\n-----END PRIVATE KEY-----\r\n"
}
]
}
]
}
使用curl指定对应ca证书访问server,确认证书生效
curl --http0.9 --gmssl --cacert certs/ca/RSA/rsa/ca.crt https://dev.test.com:22224/
22224 ssl ok
5.5 删除stream server ssl证书
删除操作只有在reload之后才会生效。
curl -X PUT http://127.0.0.1:8081/api/v1/stream_ssl -d'{
"listens": [
"0.0.0.0:22224"
],
"serverNames": [
""
],
"type": "del",
"cert_info": {
"cert_type": "rsa",
"certificate": "data:-----BEGIN CERTIFICATE-----\r\nMIIDdjCCAl6gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCQ04x\r\nEDAOBgNVBAcMB0JlaWppbmcxDTALBgNVBAoMBHRlc3QxETAPBgNVBAsMCFBlcnNv\r\nbmFsMRUwEwYDVQQDDAxkZXYudGVzdC5jb20wIBcNMjUwOTIyMDgwNDAyWhgPMjEy\r\nNTA4MjkwODA0MDJaMEYxCzAJBgNVBAYTAkNOMQ0wCwYDVQQKDAR0ZXN0MREwDwYD\r\nVQQLDAhQZXJzb25hbDEVMBMGA1UEAwwMZGV2LnRlc3QuY29tMIIBIjANBgkqhkiG\r\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2vJ6qwvbGZqesp+NdXRAhYxfCjAnWxzE7Hv\r\nqHMlQ5+Q2DSBy3v4SGIGVaANuc8qzjb7bBJXljKttfXKNHXhnE/ApNB+last3cI8\r\nuZ08i6bBc2+MehGm/8Q54Z89fbU0VOVw7P4SRGV+uBzX3ZJymR9vU2/LoR2Ap5ZL\r\npt+r1p9iZU5oDz7Ih3gktcMuEm1AtWYui0j86W7TraGlvGe8iRkrrWYozynJpiLi\r\n8TIkal/1GJg7agcSnFlv0UzRQ+a0lMDh3tPCByNCEMuO86V3s5RkIPZabcvWO/yY\r\n/wGSJ24kaqFr25j88u+NdDPdgr3/ZgYu72DgffXk2R20TVXoWwIDAQABo1owWDAJ\r\nBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUWda7VLj/rkBbMa0Nqi3i\r\nNTrcOMEwHwYDVR0jBBgwFoAUcujGKYB7oCPIRkP+ZCPx35RLakMwDQYJKoZIhvcN\r\nAQELBQADggEBAHCdCrXTU+++pVqxiRZlqHcY25n8K4hAIv4wxO6eLkKSbdSXOjFD\r\nTon00K0ygfFpJnaqnGXlbCRya9uxL+QmoYBf3VFZ9EAGpdrid29OidvZTxcKi8oC\r\nPJRugXuaz3v+1h+LuknOrTWC38IaVnsy1WX9BO5eMb+73TduzO8ASlibkltByWzI\r\nscb0emp4EKX62D1UHl2IUT8PXDqWr/6qtz8mASVVQ+5xZnNFZCUzP7osICwZy0hP\r\nkq7UTm4Kb1N1Vo5YK8JJ57hDw1SeN1CMAbgvucf9XxJ9OlICvMUMmzz/Q6VCnDy5\r\nCDpTAohBxUtxc6VLRpmxEU+BJCs/0CkZ17M=\r\n-----END CERTIFICATE-----\r\n",
"certificateKey": "data:-----BEGIN PRIVATE KEY-----\r\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/a8nqrC9sZmp6\r\nyn411dECFjF8KMCdbHMTse+ocyVDn5DYNIHLe/hIYgZVoA25zyrONvtsEleWMq21\r\n9co0deGcT8Ck0H6Vqy3dwjy5nTyLpsFzb4x6Eab/xDnhnz19tTRU5XDs/hJEZX64\r\nHNfdknKZH29Tb8uhHYCnlkum36vWn2JlTmgPPsiHeCS1wy4SbUC1Zi6LSPzpbtOt\r\noaW8Z7yJGSutZijPKcmmIuLxMiRqX/UYmDtqBxKcWW/RTNFD5rSUwOHe08IHI0IQ\r\ny47zpXezlGQg9lpty9Y7/Jj/AZInbiRqoWvbmPzy7410M92Cvf9mBi7vYOB99eTZ\r\nHbRNVehbAgMBAAECggEAD9BxjmAKoZ5VyQPg/hpGZIa9hdq+twLBAG014H51eKsT\r\nxgOTKY16C04rOc25nz0x9cwYZMBLLiR3siML695FSlWoaQq0j9w5iNWa5gwgdrp1\r\nxvn96rkknoLGnruPfUrdd5oRBJ36Ql5O5Bpglx9EinP3YuGckBimNVzhrnf8yVlH\r\n+ftj8v9zq5Dbb1RxoBHXk26E40AtN/eUpTpmVHJ/XtlM7L/zg7zwgPQaYdgauCb8\r\nrg403XNxFWweeyoDPtqEYHoucSiFdTWvwpluLBEMGmyq7wfVNs9e8pSiy2m+kxa6\r\nE+gQFKNe0+E+EH6Pud85vOPxZhpIiwGIRhpjm3S4AQKBgQDAF62GdBnlI0wpj7xG\r\nEd+nVuAd+zDll/PVIezpE2QqIERdaFpdXj6ydFtgYs/7pu5djrdNW5KSSIesqseW\r\ngwvz2Bra5pkqTnAQTJdcHpB0NWnsDVSNgzrBzZvIoc36gVw7onFf/H7yOCfPwxmY\r\n2d/wwF9XrSWU6BLVs5zDr5ekWwKBgQD/GuzFoNijYvL1g14AbDEh6AvnmJoQB7La\r\nQg3ueJb1To7e6Rq5KF3NA6KRIyQNK5KGGvXtRNSdqhVhR3/2O3/NmQzmlMv4nWVO\r\niCWZaRyB9yO88vyuMy4JIhGxjLnTiAALbOlEForFfz++vpRzMjEudlp3hsYdrUWt\r\nDcSxXD4MAQKBgB9q//+wt5eJqWhW0QVo4Pq+s9NThVDYBJKEhPouKMDXHDdm3PjO\r\ndFS9wUBHiRrw16XHtOVbJ+LzJ/WuzQwqDOdqHiJVexG3WI7h6BOyEBBhuBxapcyr\r\nfQ27slIjXMwvIkXCsOZxJtY5JxHNKD+eywjWfgGaGT58oq//O5GqA5RnAoGBALrK\r\niUIwA1CnXEUe+o6Oqe8szMK4v14rdO9RXIgXrllSO1THFHUtNHmwRrHFLFmkZPZi\r\n+V3Rf2kup9cCFpVCfdMaVRLlMvEItqwpDnblOyWCw51Pwmr/OJ8hXhlGdK6Jr5au\r\nGaNsahIwmYleXK54uwBNUvKgMaJ7REBxi2teomQBAoGABXxGQYkeQaKN9/CwOm8N\r\npervuCRAAJ5VZIAC69J1mYDp+nQHN/7QLBv7iqF4FnrPs+ebGkHjgjH7eG1q0X3s\r\nyEmSAmyfFeF4/ylCVhTKbUywebv4zXNqtpNchpe55QVcV/2Dld45QNCSXJf/PPwI\r\n9M2oSf34CLCOB48Mb4FrF3M=\r\n-----END PRIVATE KEY-----\r\n"
}
}'
返回值
{"code":0,"msg":"success."}
reload后再次查询
{
"servers": [
{
"listens": [
"0.0.0.0:22224"
],
"serverNames": [
""
],
"certificates": [
{
"cert_type": "ecc",
"certificate": "/etc/njet/NJet3.4-stream-dyn-ssl/certs/ca/ECC/ecc-root_cert.pem",
"certificateKey": "/etc/njet/NJet3.4-stream-dyn-ssl/certs/ca/ECC/ecc-root_private_key.pem"
}
]
}
]
}