
Where can I manage uploaded IAM user SSL certificates in AWS?

I uploaded a custom SSL certificate and key to use with CloudFront via the AWS CLI with an AMI user:

$ aws iam upload-server-certificate --server-certificate-name my-cert --certificate-body file://https-cert.crt --private-key file://private-key.pem

I got a JSON response including the certificate ID and further information. My aim was to use it as a Custom SSL Certificate (AMI user certificate or ACM certificate purchased through AWS) but the radio button for this option remains disabled. I expected it to be active after having added the certificate to my user.

The option cannot be selected.

I can't find any hint as to what I missed or where the uploaded certificate has gone.

SOLUTION: The missing /cloudfront/ path was the key to this problem. The following command let me upload and choose a certificate in CloudFront.

aws iam upload-server-certificate --server-certificate-name my-cert --certificate-body file://https-cert.crt --certificate-chain file://ca-chain.crt --private-key file://private-key.pem --path /cloudfront/

CloudFront does not have access to all of your uploaded server certificates (such as certs you might upload for use with an ELB). It can only access those with a path matching /cloudfront/*.

If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the --path option. The path must begin with /cloudfront and must include a trailing slash (for example, /cloudfront/test/).

http://docs.aws.amazon.com/cli/latest/reference/iam/upload-server-certificate.html

Uploading the certificate with a path CloudFront can see seems likely to be the part of the process you missed, since you didn't mention having done that in the question.
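As an added example (not part of the original answers and not AWS tooling), this Python script applies the path rule quoted above to the JSON returned by `aws iam list-server-certificates` and reports which uploaded certificates CloudFront can select. The sample listing, certificate names and account ID are constructed for illustration.

```python
import json

# Constructed sample of `aws iam list-server-certificates` output
# (names and the 123456789012 account ID are made up for this example).
SAMPLE_LISTING = """
{"ServerCertificateMetadataList": [
  {"ServerCertificateName": "my-cert", "Path": "/",
   "Arn": "arn:aws:iam::123456789012:server-certificate/my-cert"},
  {"ServerCertificateName": "my-cert-cf", "Path": "/cloudfront/",
   "Arn": "arn:aws:iam::123456789012:server-certificate/cloudfront/my-cert-cf"},
  {"ServerCertificateName": "elb-cert", "Path": "/elb/prod/",
   "Arn": "arn:aws:iam::123456789012:server-certificate/elb/prod/elb-cert"},
  {"ServerCertificateName": "test-cert", "Path": "/cloudfront/test/",
   "Arn": "arn:aws:iam::123456789012:server-certificate/cloudfront/test/test-cert"}
]}
"""

def path_problem(path):
    """Return None if the path meets the CloudFront rule, else the reason it fails."""
    if not path.startswith("/cloudfront"):
        return "path does not begin with /cloudfront"
    if not path.endswith("/"):
        return "path has no trailing slash"
    if not path.startswith("/cloudfront/"):
        return "path is not under /cloudfront/"  # e.g. /cloudfrontx/
    return None

def classify(listing_json):
    """Split certificates into those CloudFront can see and those it cannot."""
    usable, hidden = [], {}
    for meta in json.loads(listing_json)["ServerCertificateMetadataList"]:
        reason = path_problem(meta["Path"])
        if reason is None:
            usable.append(meta["ServerCertificateName"])
        else:
            hidden[meta["ServerCertificateName"]] = reason
    return usable, hidden

if __name__ == "__main__":
    usable, hidden = classify(SAMPLE_LISTING)
    print("Selectable in CloudFront:", ", ".join(usable))
    for name, reason in hidden.items():
        print(f"Not selectable: {name} ({reason}); upload it with --path /cloudfront/")
```

To check a real account, pass the output of `aws iam list-server-certificates` to `classify()` instead of the sample.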

If you supply a non-compliant custom certificate, CloudFront just ignores it. That's why it is grayed out and says "no certificates available".

If you click on the link that says "learn about custom SSL", more info is revealed. ( http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html#CNAMEsAndHTTPS )

There is a section called "Requirements and Limits on Using SSL/TLS Certificates with CloudFront". All this will tell you how to create a custom certificate that is compliant with CloudFront.
