二级子域的通配符
Wildcard for second level subdomain
AWS 证书管理器不允许我添加 2 级通配符域名,这将匹配 x.a.example.com、y.b.example.com 等
有解决办法吗? (而不是创建 *.a.example.com、*.b.example.com 等)
来源:http://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html
Wildcard Names ACM allows you to use an asterisk (*) in the domain name to create an ACM Certificate containing a wildcard name that can
protect several sites in the same domain. For example, *.example.com
protects www.example.com and images.example.com.
Note: When you request a wildcard certificate, the asterisk (*) must
be in the leftmost position of the domain name and can protect only
one subdomain level. For example, *.example.com can protect
login.example.com and test.example.com, but it cannot protect
test.login.example.com. Also note that *.example.com protects only the
subdomains of example.com, it does not protect the bare or apex domain
(example.com). However, you can request a certificate that protects a
bare or apex domain and its subdomains by specifying multiple domain
names in your request. For example, you can request a certificate that
protects example.com and *.example.com.
很遗憾,这不是 possible/supported。
您可以在命名域的证书中包含 主题备用名称s 或 SAN:https://geekflare.com/san-ssl-certificate/
证书签名请求或 CSR 生成将是这样的:
openssl req -new -key my.key -out my.csr -subj "/CN=*.domain.com" -addext "subjectAltName=DNS:one.complex.domain.com,DNS:completely.another.domain.com"
此处有更多详细信息:
对于证书中的多个子域有问题的人。
来源:https://aws.amazon.com/premiumsupport/knowledge-center/associate-ssl-certificates-cloudfront/
您不能将多个 SSL 或传输层安全性 (TLS) 证书关联到单个 CloudFront 分配。但是,AWS Certificate Manager (ACM) support up to 10 subject alternative names 提供的证书包括通配符。要为通过一个 CloudFront 分配服务的多个域启用 SSL 或 HTTPS,请从 ACM 分配一个包含所有必需域的证书。
要将您自己的 SSL 证书用于 CloudFront 的多个域名,请将您的证书导入 ACM 或 AWS Identity and Access Management (IAM) 证书存储区。有关说明,请参阅 Importing an SSL/TLS Certificate。
AWS 证书管理器不允许我添加 2 级通配符域名,这将匹配 x.a.example.com、y.b.example.com 等
有解决办法吗? (而不是创建 *.a.example.com、*.b.example.com 等)
来源:http://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html
Wildcard Names ACM allows you to use an asterisk (*) in the domain name to create an ACM Certificate containing a wildcard name that can protect several sites in the same domain. For example, *.example.com protects www.example.com and images.example.com.
Note: When you request a wildcard certificate, the asterisk (*) must be in the leftmost position of the domain name and can protect only one subdomain level. For example, *.example.com can protect login.example.com and test.example.com, but it cannot protect test.login.example.com. Also note that *.example.com protects only the subdomains of example.com, it does not protect the bare or apex domain (example.com). However, you can request a certificate that protects a bare or apex domain and its subdomains by specifying multiple domain names in your request. For example, you can request a certificate that protects example.com and *.example.com.
很遗憾,这不是 possible/supported。
您可以在命名域的证书中包含 主题备用名称s 或 SAN:https://geekflare.com/san-ssl-certificate/
证书签名请求或 CSR 生成将是这样的:
openssl req -new -key my.key -out my.csr -subj "/CN=*.domain.com" -addext "subjectAltName=DNS:one.complex.domain.com,DNS:completely.another.domain.com"
此处有更多详细信息:
对于证书中的多个子域有问题的人。
来源:https://aws.amazon.com/premiumsupport/knowledge-center/associate-ssl-certificates-cloudfront/
您不能将多个 SSL 或传输层安全性 (TLS) 证书关联到单个 CloudFront 分配。但是,AWS Certificate Manager (ACM) support up to 10 subject alternative names 提供的证书包括通配符。要为通过一个 CloudFront 分配服务的多个域启用 SSL 或 HTTPS,请从 ACM 分配一个包含所有必需域的证书。
要将您自己的 SSL 证书用于 CloudFront 的多个域名,请将您的证书导入 ACM 或 AWS Identity and Access Management (IAM) 证书存储区。有关说明,请参阅 Importing an SSL/TLS Certificate。