带有google doamin的AWS SSL配置 [英] AWS SSL Configuration with google doamin

问题描述

我在使用Google域的AWS SSL配置时遇到问题.以下是我的网站的配置. www.abc.com Google域
myloadbalancer-XXXXXX.elb.amazon.com AWS负载均衡器

I have problem with aws SSL configuration with google domain. Follwing is the configuration my website have. www.abc.com Google domain
myloadbalancer-XXXXXX.elb.amazon.com aws load balancer

我已经在ACM上创建了SSL证书，如下图所示 AWS ACM屏幕截图

I have created SSL certificate on ACM as shown in image attached AWS ACM screenshot

然后，我使用Lister HTTPS创建loadblancer，并指向HTTP 80端口(正在运行网站的EC2实例)

Then i create loadblancer with Lister HTTPS and pointed to HTTP 80 port (EC2 instance on which website is running) Screen shot of AWS load balancer

我的Google域abc.com指向负载均衡器网址

My google domain abc.com is pointing to loadbalancer url

问题是当我在浏览器中打开负载均衡器URL时，它显示错误 NET :: ERR_CERT_COMMON_NAME_INVALID ，如附件图像中所示

Problem is when i open load balancer URL in browser it show error NET::ERR_CERT_COMMON_NAME_INVALID as showing in attached imageLoad balancer browser screenshot

当我打开google域abc.com时，它甚至没有显示HTTPS.它适用于http:abc.com

When i open google domain abc.com it doesn't even show HTTPS. It works for http:abc.com

我无法找出abc.com不能与HTTPS一起使用的原因. 我也很困惑，在AWS上，我们在ACM中为域(abc.com)设置了SSL，然后在AWS负载均衡器中使用了此证书.负载均衡器再次附加到Google域.然后谷歌域知道通过负载均衡器获取SSL.整个设置中我是否缺少任何东西

I am not able to find-out why abc.com not works with HTTPS. Also i have confusion that on aws we set SSL in ACM for domain (abc.com) and then use this certificate in aws load balancer. Again load balancer is attached to google domain . Then google domain know get SSL via load balancer .Is there anything i am missing in whole setup

推荐答案

您应该请求新证书，并同时添加*.abc.com和abc.com作为其域名. 根据文档:

You should request a new certificate and add both *.abc.com and abc.com as its domain names. According to the documentation:

当您请求通配符证书时，星号(*)必须位于 域名的最左侧位置，并且只能保护一个 子域级别.例如，*.example.com可以保护 login.example.com和test.example.com，但无法保护 test.login.example.com.另请注意，*.example.com仅保护 example.com的子域，它不保护裸域或顶点域 (example.com).但是，您可以申请一个证书来保护 通过指定多个域，将裸域或顶点域及其子域 您的请求中的名称.例如，您可以请求一个证书 保护example.com和* .example.com.

When you request a wildcard certificate, the asterisk (*) must be in the leftmost position of the domain name and can protect only one subdomain level. For example, *.example.com can protect login.example.com and test.example.com, but it cannot protect test.login.example.com. Also note that *.example.com protects only the subdomains of example.com, it does not protect the bare or apex domain (example.com). However, you can request a certificate that protects a bare or apex domain and its subdomains by specifying multiple domain names in your request. For example, you can request a certificate that protects example.com and *.example.com.

这篇关于带有google doamin的AWS SSL配置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！