简体繁体 English

Amazon EC2上的HTTPS证书

[英]HTTPS Certificate on Amazon EC2

原文 2017-09-21 10:57:26 6 1 amazon-web-services/ ssl/ java-ee/ amazon-ec2/ https

Section "Step 2: Obtain a CA-signed Certificate" from here: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html 此处的“步骤2：获取CA签名的证书”部分： http : //docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html

explains in detail how to get a TLS certificate from a CA. 详细说明如何从CA获取TLS证书。 However, I have a confusion: 但是，我有一个困惑：

How will the certificate work, if I create it based on a custom domain (example.com), and the EC2's instance domain is an ephemeral one of type " http://ec2-34354-us-west2 ..."? 如果我基于自定义域（example.com）创建证书，并且EC2的实例域是类型为“ http：// ec2-34354-us-west2 ...” 的临时性证书，证书将如何工作？

Maybe it's worth to note that I do not intend to use it with Apache HTTP Server, but with Glassfish (JavaEE application server) -- but I do not think this makes a difference. 也许值得一提的是，我不打算将它与Apache HTTP Server一起使用，而是与Glassfish（JavaEE应用程序服务器）一起使用-但我认为这没有什么不同。

I imagine that example.com will point to http://ec2 ... via a domain forwarding. 我想example.com将通过域转发指向http：// ec2 ...。 Will it work if I simply forward https://www.example.com to https://ec2 ... ? 如果我仅将https://www.example.com转发到https：// ec2 ...，是否可以使用？ I doubt it, since the browser should be able to tell that the certificate is for example.com and a forwarding is being tried to a domain which is not actually secure. 我对此表示怀疑，因为浏览器应该能够知道证书为example.com，并且正在尝试转发到实际上并不安全的域。

1 个解决方案

The certificate has to match the domain that is in the browser's address bar. 证书必须与浏览器地址栏中的域匹配。 You will be serving that domain from your EC2 server. 您将通过EC2服务器为该域提供服务。 It doesn't matter that your EC2 server will also have some ec2... domain name. 您的EC2服务器也将具有某些ec2...域名都没关系。 As long as you are pointing your custom domain (that matches the SSL Certificate) to the server. 只要您将自定义域（与SSL证书匹配）指向服务器。