使用 python 在 AWS ACM 中导入证书

Import certificate in AWS ACM using python

我正在使用 python 将 openssl 证书导入 AWS ACM。我总是遇到错误:

Response:
{
      "errorMessage": "An error occurred (ValidationException) when calling the ImportCertificate operation: The certificate field contains more than one certificate. You can specify only one certificate in this field.",
      "errorType": "ClientError",
      "stackTrace": [
        "  File \"/var/task/lambda_function.py\", line 7, in lambda_handler\n    response = client.import_certificate(\n",
        "  File \"/var/runtime/botocore/client.py\", line 316, in _api_call\n    return self._make_api_call(operation_name, kwargs)\n",
        "  File \"/var/runtime/botocore/client.py\", line 626, in _make_api_call\n    raise error_class(parsed_response, operation_name)\n"
      ]
}

这是我的代码:

import boto3

client = boto3.client('acm')

def lambda_handler(event, context):
    response = client.import_certificate(
        Certificate='sample.vpn.crt',
        PrivateKey='sample.vpn.key',
        CertificateChain='ca.crt'
    )

如有任何帮助,我们将不胜感激。

boto3 docs所述,三个参数的类型不应该是字符串,而是字节。对我来说有什么诀窍是像这样从包中读取证书文件:

import boto3

client = boto3.client('acm')

def lambda_handler(event, context):
    certificate=open('sample.vpn.crt', 'rb').read()
    privatekey=open('sample.vpn.key', 'rb').read()
    chain=open('ca.crt', 'rb').read()

    response = client.import_certificate(
        Certificate=certificate,
        PrivateKey=privatekey,
        CertificateChain=chain
    )

不幸的是,在这种情况下,错误消息有点误导。如果您仍然收到与此相同的错误消息,请确保您的证书文件具有 ACM 要求的格式。您可以通过尝试使用 ACM 控制台导入证书来测试它。如果您收到相同的错误,请按照 AWS 在此 troubleshooting page.

上提供的步骤进行操作

发生错误是因为您应该传递证书的值,而不是文件名:

    CertificateArn='string',
    Certificate=b'bytes',
    PrivateKey=b'bytes',

因此,您可以尝试以下方法:

with open('sample.vpn.pem','r') as f:
    crt = f.read()

with open('sample.vpn.pem','rb') as f:
    key = f.read()

with open('ca.crt','rb') as f:
    chain = f.read()

response = client.import_certificate(
    Certificate=crt,
    PrivateKey=key,
    CertificateChain=chain)