如何在 Amazon ELB 上安装 SSL 证书?
How to install SSL certificate on Amazon ELB?
所以我一直在尝试将此 SSL 证书安装到我设置的 Amazon NodeJS EC2/EJB 服务器上,但我无法让它正常工作。
基本上,我有一个 Godaddy 域和 SSL 证书,并且我在 Goddaddy 站点上设置了一个子域(假设 admin.example.com)以通过亚马逊的 Route 53 工具指向亚马逊服务器。所以,名称服务器和重定向都很好,但我的网站没有显示它是安全的。
如果我转到 admin.example.com,该网站显示 'Not Secure' 且没有任何警告,并且我无法连接到 https://admin.example.com. If I instead go to the beanstalk url (https://example.beanstalk.com),该网站显示 'Not Secure' 并带有一个红色标记。我通过 HTTPS 检查工具 运行 beanstalk url,它说唯一的问题是 url 不匹配(因为 SSL 是为 admin.example.com 注册的,而不是豆茎 url).
我是否需要为 beantalk url 注册证书?如何设置此子域以便它使用 HTTPS?我对此很陌生,但我认为设置起来不应该这么困难。有什么我想念的吗?
在此先感谢您的帮助!
首先要确定的问题是,证书是通配符证书吗?如果不是,它很可能只适用于根域和 admin.example.com。您是将 ELB 与 Beanstalk 部署一起使用还是仅使用一个实例?
如何从 ACM 请求通配符(这适用于负载均衡器和 Cloudfront)
You can also use an asterisk (*) as a wildcard in the leftmost
position to protect several site names in the same domain. For
example, *.example.com protects corp.example.com, and
images.example.com. The wildcard name will appear in the Subject field
and the Subject Alternative Name extension of the ACM Certificate.
http://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request.html
How to upload a certificate to IAM
$ aws iam upload-server-certificate --server-certificate-name elastic-beanstalk-x509 --certificate-body file://https-cert.crt --private-key file://private-key.pem
{
"ServerCertificateMetadata": {
"ServerCertificateId": "AS5YBEIONO2Q7CAIHKNGC",
"ServerCertificateName": "elastic-beanstalk-x509",
"Expiration": "2017-01-31T23:06:22Z",
"Path": "/",
"Arn": "arn:aws:iam::123456789012:server-certificate/elastic-beanstalk-x509",
"UploadDate": "2016-02-01T23:10:34.167Z"
}
}
Make note of the Amazon Resource Name (ARN) for your certificate. You
will use it when you update your load balancer configuration settings
to use HTTPS.
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https.html
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-elb.html
所以我一直在尝试将此 SSL 证书安装到我设置的 Amazon NodeJS EC2/EJB 服务器上,但我无法让它正常工作。
基本上,我有一个 Godaddy 域和 SSL 证书,并且我在 Goddaddy 站点上设置了一个子域(假设 admin.example.com)以通过亚马逊的 Route 53 工具指向亚马逊服务器。所以,名称服务器和重定向都很好,但我的网站没有显示它是安全的。
如果我转到 admin.example.com,该网站显示 'Not Secure' 且没有任何警告,并且我无法连接到 https://admin.example.com. If I instead go to the beanstalk url (https://example.beanstalk.com),该网站显示 'Not Secure' 并带有一个红色标记。我通过 HTTPS 检查工具 运行 beanstalk url,它说唯一的问题是 url 不匹配(因为 SSL 是为 admin.example.com 注册的,而不是豆茎 url).
我是否需要为 beantalk url 注册证书?如何设置此子域以便它使用 HTTPS?我对此很陌生,但我认为设置起来不应该这么困难。有什么我想念的吗?
在此先感谢您的帮助!
首先要确定的问题是,证书是通配符证书吗?如果不是,它很可能只适用于根域和 admin.example.com。您是将 ELB 与 Beanstalk 部署一起使用还是仅使用一个实例?
如何从 ACM 请求通配符(这适用于负载均衡器和 Cloudfront)
You can also use an asterisk (*) as a wildcard in the leftmost position to protect several site names in the same domain. For example, *.example.com protects corp.example.com, and images.example.com. The wildcard name will appear in the Subject field and the Subject Alternative Name extension of the ACM Certificate. http://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request.html
How to upload a certificate to IAM
$ aws iam upload-server-certificate --server-certificate-name elastic-beanstalk-x509 --certificate-body file://https-cert.crt --private-key file://private-key.pem
{
"ServerCertificateMetadata": {
"ServerCertificateId": "AS5YBEIONO2Q7CAIHKNGC",
"ServerCertificateName": "elastic-beanstalk-x509",
"Expiration": "2017-01-31T23:06:22Z",
"Path": "/",
"Arn": "arn:aws:iam::123456789012:server-certificate/elastic-beanstalk-x509",
"UploadDate": "2016-02-01T23:10:34.167Z"
}
}
Make note of the Amazon Resource Name (ARN) for your certificate. You will use it when you update your load balancer configuration settings to use HTTPS.
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https.html
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-elb.html