How to access certificate details and private key from AWS certificate manager in java to build SSLContext?

I am getting the certificate with this code, but not the private key.

  import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
  import com.amazonaws.regions.Regions;
  import com.amazonaws.services.certificatemanager.AWSCertificateManager;
  import com.amazonaws.services.certificatemanager.AWSCertificateManagerClientBuilder;
  import com.amazonaws.services.certificatemanager.model.GetCertificateRequest;
  import com.amazonaws.services.certificatemanager.model.GetCertificateResult;
  import com.amazonaws.services.certificatemanager.model.InvalidArnException;
  import com.amazonaws.services.certificatemanager.model.RequestInProgressException;
  import com.amazonaws.services.certificatemanager.model.ResourceNotFoundException;

  // Thread.sleep() throws InterruptedException, so the enclosing method must handle or declare it.
  GetCertificateResult fetchCertificate() throws InterruptedException {
      AWSCertificateManager client = AWSCertificateManagerClientBuilder.standard()
              .withRegion(Regions.#####)   // region placeholder, as in the original
              .withCredentials(DefaultAWSCredentialsProviderChain.getInstance())
              .build();
      GetCertificateRequest req = new GetCertificateRequest();
      req.setCertificateArn("################################");   // certificate ARN placeholder

      // Retrieve the certificate and certificate chain.
      // If you recently requested the certificate, loop until it has been created.
      GetCertificateResult result = null;
      long totalTimeout = 120000L;
      long timeSlept = 0L;
      long sleepInterval = 10000L;
      while (result == null && timeSlept < totalTimeout) {
          try {
              result = client.getCertificate(req);
          } catch (RequestInProgressException ex) {
              // Certificate not issued yet: wait and retry.
              Thread.sleep(sleepInterval);
              timeSlept += sleepInterval;
          } catch (ResourceNotFoundException | InvalidArnException ex) {
              // Wrong ARN or no such certificate: retrying cannot help.
              throw ex;
          }
      }
      if (result == null) {
          throw new IllegalStateException("Certificate was not issued within the timeout");
      }
      // GetCertificate returns only the PEM certificate and its chain; there is no private key field.
      String certificate = result.getCertificate();
      String certificateChain = result.getCertificateChain();
      return result;
  }

AWS Certificate Manager has two main options: Certificates and Private CA.

Free public certificates for ACM-integrated services
With AWS Certificate Manager, there is no additional charge for provisioning public or private SSL/TLS certificates you use with ACM-integrated services, such as Elastic Load Balancing and API Gateway. You pay for the AWS resources you create to run your application. For private certificates, ACM Private CA provides you the ability to pay monthly for the service and certificates you create. You pay less per certificate as you create more private certificates.

So basically, Certificates are managed by AWS and integrated with other services. With this option you cannot use the certificate with other, non-AWS resources, so you cannot access the certificate's private key.

With Private CA, AWS manages the CA for you. You can create certificates, and in that case you have full access to the certificate, even the private key. It is not integrated with other AWS services.

If you want to get the certificate to use on your instance, for example with Apache or Nginx, the best approach is to put an ALB in front of your instance. The ALB will use the public certificate from ACM.

After that, you can decide whether you want encryption between the ALB and your instance.
If you want end-to-end encryption, you can use a self-signed certificate, since the ALB does not validate it, or you can use a certificate from ACM Private CA.
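For the SSLContext part of the question, here is an added example (my own code, not from the question, the answer, or the AWS SDK) that builds a Java SSLContext from the PEM strings you end up holding for a Private CA-issued certificate. It assumes the private key is already an unencrypted PKCS#8 "BEGIN PRIVATE KEY" block; the class and method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Collection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Hypothetical helper: turns PEM certificate, chain and private-key strings into an SSLContext.
public final class PemSslContext {
    // Parses an unencrypted PKCS#8 "-----BEGIN PRIVATE KEY-----" block; tries RSA first, then EC.
    static PrivateKey parsePrivateKey(String keyPem) throws Exception {
        String body = keyPem.replace("-----BEGIN PRIVATE KEY-----", "")
                            .replace("-----END PRIVATE KEY-----", "")
                            .replaceAll("\\s", "");
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(body));
        for (String algorithm : new String[] {"RSA", "EC"}) {
            try {
                return KeyFactory.getInstance(algorithm).generatePrivate(spec);
            } catch (InvalidKeySpecException ignored) { /* not this key type; try the next one */ }
        }
        throw new InvalidKeySpecException("private key is neither RSA nor EC");
    }

    // CertificateFactory accepts concatenated PEM certificates: the leaf first, then the chain.
    static Certificate[] parseChain(String certPem, String chainPem) throws Exception {
        byte[] pem = (certPem + "\n" + chainPem).getBytes("US-ASCII");
        Collection<? extends Certificate> certs = CertificateFactory.getInstance("X.509")
                .generateCertificates(new ByteArrayInputStream(pem));
        return certs.toArray(new Certificate[0]);
    }

    public static SSLContext build(String certPem, String chainPem, String keyPem) throws Exception {
        // Empty in-memory keystore; the password only protects the entry inside this JVM.
        char[] password = "in-memory-only".toCharArray();
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null, null);
        keyStore.setKeyEntry("acm-cert", parsePrivateKey(keyPem), password, parseChain(certPem, chainPem));
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), null, null); // null = platform default trust store
        return context;
    }
}
```

Pass the returned SSLContext to your HTTPS server or client; for a plain ACM public certificate there is no key PEM to feed in, which is exactly why the ALB approach above is the usual answer.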