没有自定义域的elasticbeanstalk SSL [英] elasticbeanstalk ssl without custom domain

问题描述

我正在尝试在Amazon Elastic Beanstalk上托管的令牌自动售货机上启用SSL。但是，它告诉我如果尝试启用端口443侦听器，则需要SSL证书。

I'm trying to enable SSL on a Token Vending Machine hosted on Amazon Elastic Beanstalk. However, it tells me I need an SSL certificate if I try to enable a port 443 listener.

如果我拥有自己的域，这将很有意义，但这是一个向移动应用程序分发令牌的系统机器。该URL的格式为 mytvm.elasticbeanstalk.com ，并且最终用户永远不会看到它，因此无需获取自定义域。

This would make sense if I had my own domain, but this is a system machine giving out tokens to a mobile app. The URL is of the form mytvm.elasticbeanstalk.com and will never be seen by an end user so there's no need to get a custom domain.

是否可以启用SSL，而无需将其设置为自定义域名的麻烦？我以前使用过的几乎所有主机都具有通配符SSL证书，可用于您在其主主机的子域中运行的内容。换句话说，我希望亚马逊为 *。elasticbeanstalk.com 设置通配符证书。

Is it possible to enable SSL without the hassle of setting it up on a custom domain name? Pretty much every host I've used before had a wildcard SSL certificate for stuff you ran on a subdomain of their main host. In other words I would expect Amazon to have had setup a wildcard certificate for *.elasticbeanstalk.com. Is this not the case?

推荐答案

您的应用名称可以是您的自定义域，即
，即， mytvm.elasticbeanstalk.com。

The name of your app can be your 'custom domain', i.e, mytvm.elasticbeanstalk.com.

如果您在弹性beantalk应用程序中使用负载平衡器，则可以使用此处，并使用openssl创建自己的证书。安装openssl和elastic beanstalk命令行界面后，可以按照以下步骤进行操作：输入域名 mytvm.elasticbeanstalk.com

If you are using a load-balancer with your elastic beanstalk application you can make use the directions here and use openssl to create your own cert. When you've installed openssl and the elastic beanstalk command line interface you can follow the steps by entering your domain name as 'mytvm.elasticbeanstalk.com'

使用以下命令：

C:\>openssl genrsa 1024 > privatekey.pem
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus....

C:\>openssl req -new -key privatekey.pem -out csr.pem
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated....

Country Name (2 letter code) [AU]:us
State or Province Name (full name) [Some-State]:yourstate
Locality Name (eg, city) []:cityname
Organization Name (eg, company) [Internet Widgits Pty Ltd]:youname
Organizational Unit Name (eg, section) []: your
Common Name (e.g. server FQDN or YOUR name) []:**mytvm.elasticbeanstalk.com**
...

C:\>openssl x509 -req -days 365 -in csr.pem -signkey privatekey.pem -out server.crt

C:\>iam-servercertupload -b server.crt -k privatekey.pem -s server -v

下一步，将设置更改为使用443。

Next change your setting to use 443.

这篇关于没有自定义域的elasticbeanstalk SSL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！