Uploading SSL Certificate to IAM for Cloudfront

There's tons of Cloudfront questions out there, however the Googling for possible problems still amazes me. Here's mine...

What I'm currently attempting right now is to upload an SSL cert to IAM so I can use a custom domain name for Cloudfront (e.g. https://assets.mydomain.com). This, however, isn't going so well. The certs were purchased from DNSimple. The AWS CLI upload is as so:

aws iam upload-server-certificate \
  --server-certificate-name MyDomainProduction \
  --path /cloudfront/ \
  --certificate-body file://~/Downloads/STAR_mydomain_com/STAR_mydomain_com.crt \
  --private-key file://~/Downloads/STAR_mydomain_com.key \
  --certificate-chain file://~/Downloads/STAR_mydomain_com.pem

The error:

A client error (MalformedCertificate) occurred when calling the
UploadServerCertificate operation: Unable to validate certificate
chain. The certificate chain must start with the immediate signing
certificate, followed by any intermediaries in order. The index within
the chain of the invalid certificate is: 1

I think I've tried 500 different possibilities and I'm out of ideas as to why I can't get things to work. Here's what I got in my toolbox for what DNSimple and Comodo handed back to me:

  • STAR_mydomain_com.pem
  • STAR_mydomain_com.key
  • STAR_mydomain_com/AddTrustExternalCARoot.crt
  • STAR_mydomain_com/COMODORSADomainValidationSecureServerCA.crt
  • STAR_mydomain_com/COMODORSAAddTrustCA.crt
  • STAR_mydomain_com/STAR_mydomain_com.crt

What's the right combination of crts, pem, and key to get SSL working on Cloudfront?

You're almost done. The error is that you are using the wrong intermediate certificate file. You should use the bundle that only includes the chain, without the primary certificate.

In other words, from the DNSimple installation wizard, select Other and download the files (1), (2) and (4). You downloaded (3) instead of (4).

The main difference is that (3) is (4) + (1). But as you are already passing (1) explicitly using the --certificate-body param, Cloudfront only wants the chain without the primary.
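
As an added example (not part of the original answer), one way to derive a chain-only file like (4) from a bundle like (3) by removing the primary certificate (1). The sample PEM payloads are constructed placeholders, and the command-line arguments are assumptions; the chain order is kept as found, so the bundle must already list the immediate signing certificate first.

```python
import base64
import re
import sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der_list(pem_text):
    """DER bytes of every CERTIFICATE block, in file order."""
    return [base64.b64decode("".join(body.split())) for body in PEM_RE.findall(pem_text)]

def der_to_pem(der):
    """Re-encode DER as a PEM block with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def chain_without_leaf(leaf_pem, bundle_pem):
    """Drop the primary certificate from a bundle; the remaining order is kept as-is."""
    leaf = pem_to_der_list(leaf_pem)
    if len(leaf) != 1:
        raise ValueError("certificate body must contain exactly one certificate")
    # Compare decoded bytes so line endings and wrapping differences do not matter.
    chain = [der for der in pem_to_der_list(bundle_pem) if der != leaf[0]]
    if not chain:
        raise ValueError("bundle holds nothing but the primary certificate")
    return "".join(der_to_pem(der) for der in chain)

# Constructed placeholder payloads: not real certificates, only stand-ins
# so the example runs offline.
SAMPLE_LEAF = der_to_pem(b"constructed-leaf-" * 8)
SAMPLE_INTERMEDIATE = der_to_pem(b"constructed-intermediate-" * 8)
SAMPLE_ROOT = der_to_pem(b"constructed-root-" * 8)
# Mimics file (3) from the answer: chain plus primary, here with CRLF endings.
SAMPLE_BUNDLE = (SAMPLE_INTERMEDIATE + SAMPLE_ROOT + SAMPLE_LEAF).replace("\n", "\r\n")

if __name__ == "__main__":
    if len(sys.argv) == 3:  # assumed usage: <certificate-body.crt> <bundle.pem>
        with open(sys.argv[1]) as f_leaf, open(sys.argv[2]) as f_bundle:
            sys.stdout.write(chain_without_leaf(f_leaf.read(), f_bundle.read()))
    else:
        sys.stdout.write(chain_without_leaf(SAMPLE_LEAF, SAMPLE_BUNDLE))
```

The output is the file to pass to --certificate-chain, with the primary certificate still passed separately through --certificate-body.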
