简体繁体 English

为同一服务器使用多个证书

[英]Use multiple certificates for same server

原文 2021-01-25 00:39:15 5 1 amazon-web-services/ ssl/ https/ amazon-ecs/ white-labelling

I am creating a web application which will be sold to customers as white label, meaning the customers will see their domain in the URL but all the traffic will be routed through my servers.我正在创建一个 web 应用程序，它将以白色 label 的形式出售给客户，这意味着客户将在 URL 中看到他们的域，但所有流量都将通过我的服务器进行路由。

I am using AWS as a host.我使用 AWS 作为主机。 For each new customer I create a cloudfront distribution but the problem is with the ECS backend, I don't want to create a new cluster for each customer but having the web client and server on different domains gives me a ton of problems.对于每个新客户，我创建了一个云端分发，但问题在于 ECS 后端，我不想为每个客户创建一个新集群，但是在不同域上拥有 web 客户端和服务器会给我带来很多问题。 The server uses an SSL certificate so I can't create a route in the customer's domain to point to my server.服务器使用 SSL 证书，因此我无法在客户的域中创建指向我的服务器的路由。

Anyone has any idea how I can efficiently create multiple endpoints, each with his own certificate without having to set-up extra instances and ECS clusters?任何人都知道如何有效地创建多个端点，每个端点都有自己的证书，而无需设置额外的实例和 ECS 集群？

1 个解决方案

Application Load balancer supports using multiple TLS/SSL certificates on using Server Name Indication (SNI), which allows you to:应用程序负载均衡器支持在使用服务器名称指示(SNI) 时使用多个 TLS/SSL 证书，它允许您：

host multiple TLS secured applications, each with its own TLS certificate, behind a single load balancer.在单个负载均衡器后面托管多个 TLS 安全应用程序，每个应用程序都有自己的 TLS 证书。 In order to use SNI, all you need to do is bind multiple certificates to the same secure listener on your load balancer.为了使用 SNI，您需要做的就是将多个证书绑定到负载均衡器上的同一个安全侦听器。 ALB will automatically choose the optimal TLS certificate for each client. ALB 将自动为每个客户端选择最佳 TLS 证书。 These new features are provided at no additional charge.这些新功能是免费提供的。