[英]Unable to use self-signed certificate that imported to ACM
I have created and imported self-signed certificate to amazon certificate manager.我已经创建并导入自签名证书到亚马逊证书管理器。 On acm console, it looks successfully imported.
在 acm 控制台上,它看起来已成功导入。 I want to use this sertificate to aws client VPN endpoint.
我想将此证书用于 aws 客户端 VPN 端点。 At "Server certificate ARN" section of "Create Client VPN Endpoint" page in the VPC console, My certification dose not show up in the list.
在 VPC 控制台的“创建客户端 VPN 终端节点”页面的“服务器证书 ARN”部分,我的证书未显示在列表中。
"aws acm describe-certificate --certificate-arn " command returns my certificate information. “aws acm describe-certificate --certificate-arn”命令返回我的证书信息。 But "aws acm list-certificates" command returns "CertificateSummaryList" with null.
但是“aws acm list-certificates”命令返回“CertificateSummaryList”且为空。
I also tried to create VPN endpoint using aws cli "aws ec2 create-client-vpn-endpoint" specifying my certificate arn with "--authentication-options" but it end up to error as well.我还尝试使用 aws cli "aws ec2 create-client-vpn-endpoint" 创建 VPN 端点,并使用 "--authentication-options" 指定我的证书 arn,但它最终也会出错。
Can someone tell me how to fix this?有人可以告诉我如何解决这个问题吗?
Can you please check if your certificate has been created in the same region where you want to create the client vpn endpoint?The certificate arn will list something like您能否检查一下您的证书是否已在要创建客户端 vpn 端点的同一区域中创建?证书 arn 将列出类似的内容
arn:aws:acm:::certificate/xxxxxxxxxxxxxx arn:aws:acm:::certificate/xxxxxxxxxxxxxxx
If your certificate is created in a different region in might not show up in the drop down menu.如果您的证书是在不同地区创建的,则下拉菜单中可能不会显示。
Might be a bit late, but I just had the same issue.可能有点晚了,但我也遇到了同样的问题。
One reason for the certificate not showing up is if it has been created without specifying a domain.证书未显示的一个原因是它是在未指定域的情况下创建的。
You can specify the domain using the -subj switch in openssl.您可以使用 openssl 中的 -subj 开关指定域。 Eg
例如
openssl req -new -x509 -nodes -sha1 -days 3650 -subj '/CN=yourdomain.com' -extensions v3_ca -key my-aws-private.key > my-aws-public.crt
See https://www.digicert.com/kb/ssl-support/openssl-quick-reference-guide.htm#Usingthe-subjSwitch请参阅https://www.digicert.com/kb/ssl-support/openssl-quick-reference-guide.htm#Usingthe-subjSwitch
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.