Uploading SSL certificates TO IAM
Problem description
I have 4 certificates which I received from CA (SSL):
Root CA Certificate - 123.crt
Intermediate CA Certificate - 456.crt
Intermediate CA Certificate - 789.crt
Your PositiveSSL Certificate - 654.crt
I have generated circuit.pem - private key and csr.pem through which I got these certificates.
Now, I want to use
aws iam upload-server-certificate --server-certificate-name certificate_object_name --certificate-body file://public_key_certificate_file --private-key file://privatekey.pem --certificate-chain file://certificate_chain_file
But I am not able to gauge which is my server certificate and how I can upload all my certificates.
Please help me with the above command for my above certificates.
I tried:
aws iam upload-server-certificate --server-certificate-name MyServerCertificate --certificate-body file://www_advisorcircuit_com.crt --private-key file://circuit.pem --certificate-chain file://COMODORSAAddTrustCA.crt
I get this error:
A client error (InvalidClientTokenId) occurred when calling the UploadServerCertificate operation: The security token included in the request is invalid.
Recommended answer
I have to say, getting this to work was a huge pain in the ass. Basically, you are missing the user configuration details. You have to create a user on Amazon using the IAM service here: https://console.aws.amazon.com/iam/home. Pay attention to what your region is in the URL; you'll need that later. So create a user, attach a policy (I attached AdministratorAccess), "Create Access Key", download credentials for the user and use them to run:
$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json
Some caveats on getting the certificate install command to work. Make sure the files have readable permissions... I think I specified 664. I specified the .pem extension on all the files... I believe AWS prefers the old school style key files, so I had to run:
openssl rsa -in my_key.key -text > new_key.pem
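Added example (not part of the original answer): a local pre-flight check for the three files passed to `--certificate-body`, `--private-key` and `--certificate-chain`, covering the key-format and file-permission caveats above before anything is sent to IAM. The names `pem_blocks`, `preflight` and `write_samples` are hypothetical, and the sample files are constructed placeholders rather than real certificates. It assumes IAM wants an unencrypted key and a chain file that does not repeat the server certificate.

```python
import base64, os, pathlib, re, stat, tempfile

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(path):
    """Yield (label, headers, payload_bytes) for each PEM block in the file."""
    text = pathlib.Path(path).read_text(encoding="ascii", errors="replace")
    for label, body in PEM_RE.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        headers = [ln for ln in lines if ":" in ln]  # e.g. "Proc-Type: 4,ENCRYPTED"
        b64 = "".join(ln for ln in lines if ":" not in ln)
        yield label, headers, base64.b64decode(b64, validate=True)

def preflight(cert_body, private_key, chain):
    """List problems with the three file:// arguments; [] means none found."""
    body, key, links = (list(pem_blocks(p)) for p in (cert_body, private_key, chain))
    problems = []
    if [b[0] for b in body] != ["CERTIFICATE"]:
        problems.append("certificate-body: need exactly one CERTIFICATE block")
    if len(key) != 1 or not key[0][0].endswith("PRIVATE KEY"):
        problems.append("private-key: need exactly one private key block")
    elif key[0][0].startswith("ENCRYPTED") or any("ENCRYPTED" in h for h in key[0][1]):
        problems.append("private-key: passphrase-protected, decrypt before upload")
    elif key[0][0] != "RSA PRIVATE KEY":
        problems.append("private-key: not the traditional RSA PRIVATE KEY form")
    if os.stat(private_key).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("private-key: file is accessible to group/other")
    if not links or any(c[0] != "CERTIFICATE" for c in links):
        problems.append("certificate-chain: need only CERTIFICATE blocks")
    elif body and body[0][2] in [c[2] for c in links]:
        problems.append("certificate-chain: repeats the server certificate")
    return problems

def write_samples(directory, key_label="RSA PRIVATE KEY", key_headers=""):
    """Write constructed placeholder (non-DER) files; return [cert, key, chain]."""
    def pem(label, data, hdr=""):
        return (f"-----BEGIN {label}-----\n{hdr}"
                f"{base64.b64encode(data).decode()}\n-----END {label}-----\n")
    files = {"server.pem": pem("CERTIFICATE", b"constructed-leaf"),
             "key.pem": pem(key_label, b"constructed-key", key_headers),
             "chain.pem": pem("CERTIFICATE", b"int-1") + pem("CERTIFICATE", b"int-2")}
    for name, text in files.items():
        pathlib.Path(directory, name).write_text(text)
    paths = [os.path.join(directory, name) for name in files]
    os.chmod(paths[1], 0o600)  # key readable by its owner only
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(preflight(*write_samples(tmp)) or "no problems found")
```

Text outside the BEGIN/END markers is ignored, so a key file that starts with a human-readable dump still parses.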