Import certificate in AWS ACM using python
I am using python to import an openssl certificate into AWS ACM. I always get this error:
Response:
{
"errorMessage": "An error occurred (ValidationException) when calling the ImportCertificate operation: The certificate field contains more than one certificate. You can specify only one certificate in this field.",
"errorType": "ClientError",
"stackTrace": [
" File \"/var/task/lambda_function.py\", line 7, in lambda_handler\n response = client.import_certificate(\n",
" File \"/var/runtime/botocore/client.py\", line 316, in _api_call\n return self._make_api_call(operation_name, kwargs)\n",
" File \"/var/runtime/botocore/client.py\", line 626, in _make_api_call\n raise error_class(parsed_response, operation_name)\n"
]
}
Here is my code:
import boto3
client = boto3.client('acm')

def lambda_handler(event, context):
    response = client.import_certificate(
        Certificate='sample.vpn.crt',
        PrivateKey='sample.vpn.key',
        CertificateChain='ca.crt'
    )
Any help would be appreciated.
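As stated in the boto3 docs, the type of the three parameters should not be strings but bytes. What did the trick for me was reading the certificate files from the package like this:
import boto3
client = boto3.client('acm')

def lambda_handler(event, context):
    # Read the files shipped in the deployment package as bytes
    certificate = open('sample.vpn.crt', 'rb').read()
    privatekey = open('sample.vpn.key', 'rb').read()
    chain = open('ca.crt', 'rb').read()
    response = client.import_certificate(
        Certificate=certificate,
        PrivateKey=privatekey,
        CertificateChain=chain
    )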
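Unfortunately, the error message is a bit misleading in this case. If you still get the same error message, make sure your certificate file has the format required by ACM. You can test this by trying to import the certificate using the ACM console. If you get the same error there, follow the steps AWS provides on this troubleshooting page.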
The error occurs because you should pass the value of the certificate, not the file name:
CertificateArn='string',
Certificate=b'bytes',
PrivateKey=b'bytes',
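So you could try the following:
import boto3
client = boto3.client('acm')

# Read each file's contents as bytes; the API takes the PEM data, not a path
with open('sample.vpn.pem', 'rb') as f:
    crt = f.read()
with open('sample.vpn.pem', 'rb') as f:
    key = f.read()
with open('ca.crt', 'rb') as f:
    chain = f.read()
response = client.import_certificate(
    Certificate=crt,
    PrivateKey=key,
    CertificateChain=chain)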
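A pre-flight check for the two causes discussed in the answers above (a file name passed instead of the file contents, and a certificate file that is not a single PEM certificate), as an added example that is not part of the original posts. The helper names `pem_blocks`, `build_import_args` and `import_to_acm` are hypothetical, and treating the first certificate in a bundle as the leaf is an assumption.

```python
import re
from pathlib import Path

# Matches one PEM block of any type, e.g. CERTIFICATE or RSA PRIVATE KEY.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n[A-Za-z0-9+/=\r\n]+?-----END \1-----"
)


def pem_blocks(data, label_suffix):
    """Return the PEM blocks in data whose label ends with label_suffix."""
    if isinstance(data, str):
        data = data.encode("ascii", errors="replace")
    return [m.group(0) + b"\n" for m in PEM_BLOCK.finditer(data)
            if m.group(1).endswith(label_suffix)]


def build_import_args(cert, key, chain=b""):
    """Validate the three inputs and return kwargs for import_certificate."""
    certs = pem_blocks(cert, b"CERTIFICATE")
    keys = pem_blocks(key, b"PRIVATE KEY")
    if not certs:
        raise ValueError("Certificate holds no PEM block; was a file name passed?")
    if len(keys) != 1:
        raise ValueError("PrivateKey must hold exactly one PEM private key")
    # Text around the blocks is dropped. In a bundle the first block is
    # assumed to be the leaf; the rest are moved in front of the chain.
    chain_blocks = certs[1:] + pem_blocks(chain, b"CERTIFICATE")
    args = {"Certificate": certs[0], "PrivateKey": keys[0]}
    if chain_blocks:
        args["CertificateChain"] = b"".join(chain_blocks)
    return args


def import_to_acm(cert_path, key_path, chain_path):
    """Read the three files as bytes, validate them, then call ACM."""
    import boto3  # imported here so the validation above runs without AWS
    cert, key, chain = (Path(p).read_bytes() for p in (cert_path, key_path, chain_path))
    return boto3.client("acm").import_certificate(**build_import_args(cert, key, chain))


if __name__ == "__main__":
    # The question's mistake: file names instead of contents, rejected locally.
    try:
        build_import_args("sample.vpn.crt", "sample.vpn.key", "ca.crt")
    except ValueError as err:
        print(err)
```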