为自定义域启用SSL时,Google App Engine中未列出子域 [英] Sub domain not listed in Google App Engine while enabling SSL for custom domains
问题描述
我一直在尝试在GAE中为我的应用在子域上使用自己的SSL证书.我已经成功创建了证书,并且能够为一个子域以外的所有域启用该证书.
I have been trying to use my own SSL certificate on subdomains for my app in GAE. I have successfully created the certificate and was able to enable it for all but one subdomain.
比方说我的域名是domain.com.我能够为domain.com,www.domain.com,subdomain.domain.com启用SSL证书,但是由于某些原因,www.subdomain.domain.com并未显示在我的证书的潜在自定义域列表中.在这种情况下,我无法通过 https://www.subdomain.domain.com 访问我的网站但可以通过 https://subdomain.domain.com .
Let's say my domain is domain.com. I was able to enable the SSL certificate for domain.com, www.domain.com, subdomain.domain.com but for some reason, www.subdomain.domain.com does not show in the list of potential custom domains for my certificate. In this situation, I can not access my website through https://www.subdomain.domain.com but can through https://subdomain.domain.com.
此外,我可以为此子域激活一个由Google管理的证书,从而使 https://www.subdomain.domain .com 可以访问,但是,这当然不是我想要的.关于如何使www.subdomain.domain.com在我的证书的域列表中可见的任何线索,然后才能将其打开?
Also, I can activate a google managed certificate for this subdomain, making https://www.subdomain.domain.com accessible, but of course, this is not what I want. Any clue on how to make www.subdomain.domain.com visible in the domains list of my certificate in order to then be able to turn it on?
此帖子报告的问题与此问题类似.可悲的是,没有人提供答案,我没有足够的声誉对此事发表评论...
This post is reporting a similar issue than this one. Sadly, no one has provided an answer and I do not have enough reputation to comment on it...
推荐答案
多级域可能很棘手.从获得的证书类型开始.来自 RFC 2818 (重点是我):
Multi-level domains may be tricky. Starting with the type of the certificate obtained. From RFC 2818 (emphasis mine):
名称可能包含通配符*,该通配符被认为是 匹配任何单个域名组件或组件片段. 例如
*.a.com匹配foo.a.com,但不匹配bar.foo.a.com. f * .com 匹配foo.com但不匹配bar.com.
Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g.,
*.a.commatchesfoo.a.combut notbar.foo.a.com. f*.com matches foo.com but not bar.com.
我怀疑这是造成您麻烦的原因. Google还在 App Engine支持中提及SSL证书:
I suspect this is what's causing your trouble. Google also mentions in App Engine support for SSL certificates:
通配符证书仅支持一级子域.
Wildcard certificates only support one level of subdomain.
尝试使用Google管理的证书时,证书很可能是针对相应域生成的,而不是通配符生成的,因此不会出现上述引用中提到的问题.
When trying the google-managed certificate the certificate is likely generated exactly for the respective domain, not a wildcard one, thus not having the problem mentioned in the above quote.
我想想到的唯一方法是为每个域级别获取一个单独的通配符证书.但是,如果您将用户引导到不同域级别的站点,则可能会出现问题,因为证书会更改.
The only way I can think of to get this working is to obtain a separate wildcard certificate for the each domain level. But that could be a problem if you direct users to sites at different domain levels, as the certificate would change.
就我个人而言,我只是将我的域名安排在一个域级别内,并避免所有这些问题.也许使用www-subdomain.domain.com而不是www.subdomain.domain.com吗?
Personally I'd just arrange my domain names to be contained into just one domain level and avoid all these issues. Maybe with something like www-subdomain.domain.com instead of www.subdomain.domain.com?
这篇关于为自定义域启用SSL时,Google App Engine中未列出子域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
