AWS CloudFront says public key is invalid/out of limits

I am trying to upload a public key to AWS CloudFront. I generated the key as follows:

ssh-keygen -t ecdsa -b 521

I also tried:

ssh-keygen -b 4096

When I upload it through the console, I get the following error: com.amazonaws.services.cloudfront.model.InvalidArgumentException: Your request contains empty/invalid/out of limits RSA Encoded Key (Service: AmazonCloudFront; Status Code: 400; Error Code: InvalidArgument; Request ID: 08fa98af-0c02-11ea-b06e-d771d01bbfcb)

The output of ssh -V is "OpenSSH_7.7p1, OpenSSL 1.0.2p 14 Aug 2018".

Any help would be appreciated. Thanks.

I solved it by generating the key like this:

openssl genrsa -out key.pem

openssl rsa -pubout -in key.pem -out pubkey.pem

and uploading the resulting pubkey.pem. I'm still not sure exactly why my previous approach didn't work.

This is because CloudFront does not support keys with a length of 4096 bits. When you run the command openssl rsa -pubout -in key.pem -out pubkey.pem, it generates by default a 2048-bit key, which it accepts.

The length of the public key for a certificate depends on where you're storing it.

Importing a certificate into AWS Certificate Manager (ACM): public key length must be 1024 or 2048 bits. The limit for a certificate that you use with CloudFront is 2048 bits, even though ACM supports larger keys.

Uploading a certificate to the AWS Identity and Access Management (IAM) certificate store: maximum size of the public key is 2048 bits.

CloudFront SSL
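
A pre-upload check for the two failure modes in this thread, as an added example that is not from any of the posts above: it flags the one-line OpenSSH format that ssh-keygen writes and any RSA modulus that is not 2048 bits. It assumes the console expects a PEM `PUBLIC KEY` block like the working pubkey.pem; `check_public_key`, `sample_pem` and the reason strings are hypothetical names.

```python
import base64, re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
ALLOWED_BITS = 2048  # assumption: the size the answers above report as accepted

def _read(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def check_public_key(text):
    """Return 'ok' or a short reason the key would be rejected."""
    text = text.strip()
    if re.match(r"^(ssh-|ecdsa-)", text):
        return "openssh-format"  # what ssh-keygen writes to *.pub
    m = re.search(r"-----BEGIN PUBLIC KEY-----(.+?)-----END PUBLIC KEY-----", text, re.S)
    if not m:
        return "not-pem-public-key"
    try:
        _, spki, _ = _read(base64.b64decode(m.group(1)), 0)  # SubjectPublicKeyInfo
        _, alg, pos = _read(spki, 0)                         # AlgorithmIdentifier
        _, oid, _ = _read(alg, 0)
        if oid != RSA_OID:
            return "not-rsa"
        _, bits, _ = _read(spki, pos)      # BIT STRING; first byte = unused-bit count
        _, rsa, _ = _read(bits[1:], 0)     # RSAPublicKey ::= SEQUENCE { n, e }
        _, modulus, _ = _read(rsa, 0)
    except (IndexError, ValueError):
        return "malformed"
    size = int.from_bytes(modulus, "big").bit_length()
    return "ok" if size == ALLOWED_BITS else f"rsa-{size}-out-of-limits"

def _tlv(tag, body):  # DER encoder, used only to build the constructed sample
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def sample_pem(bits):
    """Constructed input: valid SPKI layout with a dummy modulus (not a usable key)."""
    n = (1 << (bits - 1)) | 1
    ints = _tlv(2, b"\0" + n.to_bytes(bits // 8, "big")) + _tlv(2, b"\x01\x00\x01")
    alg = _tlv(0x30, _tlv(6, RSA_OID) + _tlv(5, b""))
    spki = _tlv(0x30, alg + _tlv(3, b"\0" + _tlv(0x30, ints)))
    return ("-----BEGIN PUBLIC KEY-----\n" + base64.encodebytes(spki).decode()
            + "-----END PUBLIC KEY-----\n")
```

Pass the contents of the file you intend to upload to `check_public_key`; anything other than `ok` names the property to fix before uploading.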