简体繁体 English

AWS 中 EC2 apache2 中的 http 到 https

[英]http to https in EC2 apache2 in AWS

原文 2018-01-30 05:19:35 4 4 apache/ amazon-web-services/ ssl/ amazon-ec2/ https

I'm trying to have https for a website which is hosted in AWS EC2.我正在尝试为 AWS EC2 中托管的网站使用 https。 I have followed the steps mention in the following link.我已按照以下链接中提到的步骤进行操作。

https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04 https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04

But still its showing the privacy thing to all user who are visiting the website.但它仍然向访问该网站的所有用户显示隐私。 How can make the certificate as trusted or how long it will take Amazon to make it a trusted one.如何使证书成为可信证书，或者亚马逊需要多长时间才能使其成为可信证书。

Please help me to solve this.请帮我解决这个问题。 I'm stuck with this for last 2 days.我在过去 2 天一直坚持这个。 Answers will be appreciated and Thank you.答案将不胜感激，谢谢。

4 个解决方案

The certificate which you are using is a "Self Signed Certificate ( https://en.wikipedia.org/wiki/Self-signed_certificate )".您使用的证书是“自签名证书（ https://en.wikipedia.org/wiki/Self-signed_certificate ）”。

In order to get rid of insecure certificate or privacy issues on HTTPS, you need to get your CSR signed from a trusted CA like Comodo, Godaddy etc.为了摆脱 HTTPS 上不安全的证书或隐私问题，您需要从 Comodo、Godaddy 等受信任的 CA 签署您的 CSR。

Ref -参考 -

https://in.godaddy.com/help/apache-generate-csr-certificate-signing-request-5269 https://help.comodo.com/topic-437-1-843-10843-.html https://in.godaddy.com/help/apache-generate-csr-certificate-signing-request-5269 https://help.comodo.com/topic-437-1-843-10843-.html

OR或

In case you want free verified SSL certificates, "letsencrypt" is the way to go.如果您想要免费的经过验证的 SSL 证书，“letsencrypt”是您的最佳选择。
https://letsencrypt.org/ https://letsencrypt.org/

Depending on your requirements you may wish to use SSL termination on an Elastic Load Balancer (ELB) instead.根据您的要求，您可能希望在弹性负载均衡器 (ELB) 上使用 SSL 终止。

This involves creating a free AWS certificate and an ELB .这涉及创建免费的AWS 证书和ELB 。 Attach both your instance the certificate to the ELB with HTTPS forwarded to port 80 on your instance.将您的实例证书附加到 ELB，HTTPS 转发到您实例上的端口 80。

Then just point your DNS name to the ELB.然后只需将您的 DNS 名称指向 ELB。 If you're using Route53 then you can just use an A-record alias .如果您使用的是 Route53，那么您可以只使用A-record alias 。

Edit: If you want to automatically direct HTTP to HTTPS you'll need to check the X-Forwarded-Proto header in Apache's .htaccess file.编辑：如果您想自动将 HTTP 定向到 HTTPS，您需要检查 Apache 的.htaccess文件中的X-Forwarded-Proto标头。 More information here .更多信息在这里。

You can use AWS Certificate Manager to issue free SSL certificate signed by AWS Certificate Authority.您可以使用 AWS Certificate Manager 颁发由 AWS Certificate Authority 签名的免费 SSL 证书。 However for this to work, you need to use a Load Balancer and attach the certificate to the Load Balancer which will forward the traffic to the EC2 instance.但是，要使其正常工作，您需要使用负载均衡器并将证书附加到负载均衡器，负载均衡器会将流量转发到 EC2 实例。

You don't need to pay anyone for a certificate.您无需向任何人支付证书费用。 Just use LetsEncrypt and their CertBot ACME client .只需使用LetsEncrypt和他们的CertBot ACME 客户端。 The CertBot automates the task of issuing and renewing certificates. CertBot 自动执行颁发和更新证书的任务。

LetsEncrypt is the leading free SSL certificate authority (CA) and their certs are as good as any paid cert. LetsEncrypt 是领先的免费 SSL 证书颁发机构 (CA)，他们的证书与任何付费证书一样好。