
Unable to use self-signed certificate that imported to ACM

I have created and imported a self-signed certificate to Amazon Certificate Manager. On the ACM console, it looks successfully imported. I want to use this certificate for an AWS Client VPN endpoint. In the "Server certificate ARN" section of the "Create Client VPN Endpoint" page in the VPC console, my certificate does not show up in the list.

The "aws acm describe-certificate --certificate-arn " command returns my certificate information. But the "aws acm list-certificates" command returns "CertificateSummaryList" with null.

I also tried to create the VPN endpoint using the AWS CLI "aws ec2 create-client-vpn-endpoint", specifying my certificate ARN with "--authentication-options", but it ended up with an error as well.

Can someone tell me how to fix this?

Can you please check if your certificate has been created in the same region where you want to create the Client VPN endpoint? The certificate ARN will list something like

arn:aws:acm:::certificate/xxxxxxxxxxxxxx

If your certificate is created in a different region, it might not show up in the drop-down menu.

Might be a bit late, but I just had the same issue.
One reason for the certificate not showing up is if it has been created without specifying a domain.
You can specify the domain using the -subj switch in openssl. E.g.

openssl req -new -x509 -nodes -sha1 -days 3650 -subj '/CN=yourdomain.com' -extensions v3_ca -key my-aws-private.key > my-aws-public.crt

See https://www.digicert.com/kb/ssl-support/openssl-quick-reference-guide.htm#Usingthe-subjSwitch
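The two causes named in the answers above (certificate imported in a different region than the endpoint, and a subject without a domain) can be checked before importing or creating anything. This is an added example, not part of either answer: the function names are hypothetical, the "domain-shaped CN" test is taken from the second answer rather than from AWS documentation, and the ARN in the usage comment is constructed.

```sh
#!/bin/sh
# Added example (not from the answers). Function names are hypothetical.

# Print the region field of an ACM certificate ARN; fail if it is missing.
# ARN layout: arn:partition:service:region:account-id:resource
arn_region() {
  ar_service=$(printf '%s' "$1" | cut -d: -f3)
  ar_region=$(printf '%s' "$1" | cut -d: -f4)
  [ "$ar_service" = acm ] && [ -n "$ar_region" ] || return 1
  printf '%s\n' "$ar_region"
}

# Print the subject CN of a PEM certificate file (empty if there is none).
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
    sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# True when the argument is shaped like a fully qualified domain name.
is_domain() {
  printf '%s\n' "$1" |
    grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# usage: preflight CERT_ARN ENDPOINT_REGION CERT_FILE
# Returns 0 if both checks pass, 2 bad ARN, 3 region mismatch, 4 no domain CN.
preflight() {
  pf_region=$(arn_region "$1") || { echo "no region in ARN: $1"; return 2; }
  [ "$pf_region" = "$2" ] ||
    { echo "certificate is in $pf_region, endpoint in $2"; return 3; }
  pf_cn=$(cert_cn "$3")
  is_domain "$pf_cn" ||
    { echo "subject CN '$pf_cn' is not a domain name"; return 4; }
  echo "ok: region $pf_region, CN $pf_cn"
}

# Constructed call: account id, certificate id and file name are placeholders.
# preflight arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE-ID eu-west-1 server.crt
```

The region is read from the ARN that "aws acm describe-certificate" accepts, so the check works even when the certificate is missing from the console list.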
