如何借助新的AWS Certificate Manager服务将SSL证书添加到AWS EC2 [英] How to add SSL certificate to AWS EC2 with the help of new AWS Certificate Manager service
问题描述
AWS推出了一项新服务 AWS Certificate Manager 。我从描述中得到的一件事是,如果我们使用此服务,我们就不必再为证书付费。
AWS has come up with a new service AWS Certificate Manager. One thing I got from the description is that if we are using this service we don't have to pay for the certificate anymore.
他们正在为Elastic Load Balancer提供证书(ELB)和CloudFront,但我在任何地方都找不到EC2。
They are providing certificates for Elastic Load Balancer (ELB) and CloudFront, but I didn't find EC2 anywhere.
是否可以通过EC2使用证书?
Is there any way to use the certificate with EC2?
推荐答案
问:我可以在Amazon EC2实例或我自己的服务器上使用证书吗?
否目前,ACM提供的证书只能与特定的AWS服务一起使用。
No. At this time, certificates provided by ACM can only be used with specific AWS services.
问:使用哪种AWS服务我可以使用ACM提供的证书吗?
您可以将ACM与以下AWS服务一起使用:
You can use ACM with the following AWS services:
•Elastic Load Balancing
• Elastic Load Balancing
•Amazon CloudFront
• Amazon CloudFront
•AWS Elastic Beanstalk
• AWS Elastic Beanstalk
•Amazon API Gateway
• Amazon API Gateway
https://aws.amazon.com/certificate-manager/faqs/
您无法在直接资源不足的资源上安装由 Amazon证书管理器(ACM)创建的证书级别的访问,例如EC2或AWS外部的服务器,因为没有为您提供对私钥的访问。这些证书只能部署在由AWS基础架构管理的资源上-ELB和CloudFront-因为AWS基础架构仅保留其生成的证书的私钥副本,并通过可审核的内部访问控制将其保持在严格的安全性下。
You can't install the certificates created by Amazon Certificate Manager (ACM) on resources you have direct low-level access to, like EC2 or servers outside of AWS, because you aren't provided with access to the private keys. These certs can only be deployed on resources managed by the AWS infrastructure -- ELB and CloudFront -- because the AWS infrastructure holds the only copies of the private keys for the certificates that it generates, and maintains them under tight security with auditable internal access controls.
您必须让EC2机器在后面 CloudFront或ELB监听(或同时使用,也可以级联),以便将这些证书用于来自EC2的内容...因为您不能直接在EC2计算机上安装这些证书。
You'd have to have your EC2 machines listening behind CloudFront or ELB (or both, cascaded, would also work) in order to use these certs for content coming from EC2... because you can't install these certs directly on EC2 machines.
这篇关于如何借助新的AWS Certificate Manager服务将SSL证书添加到AWS EC2的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
