Imported SSL Cert not listed for ALB Listener


Problem description

I have created an SSL cert via DigiCert and imported to ACM. (I require the same SSL to be applied to both ALB and the Application, and since there's no way to import ACM certs, I had to follow this way)

I have successfully imported the SSL and can see it in the console. However, I cannot apply it to ALB 443 Listener.

  1. I provided the Cert ARN to the CloudFormation template and it fails, stating the certificate doesn't exist.

I have tried to manually update the 443 Listener, but the cert is not listed

Since both failed, I have tried to import the cert in the ALB Listener console, but got the below error message. (However, certificate gets imported and I can see it in the console)

Updating listener failed. The imported certificate's configuration is not compatible and will not appear in the list of available certificates for your listeners. Select or upload a different certificate and try again.

Recommended answer

Did you check whether the SSL cert key algorithm is supported by the Application Load Balancer? These are the supported Algorithms:

Source: https://aws.amazon.com/premiumsupport/knowledge-center/elb-ssl-tls-certificate-https/

You can check the Key sizes using these commands:

$ openssl rsa -in secret.key -text -noout | grep "Private-Key"
Private-Key: (2048 bit)

$ openssl x509 -in certificate.crt -text -noout | grep "Public-Key"
RSA Public-Key: (2048 bit)

As mentioned by @aress-support, you can use IAM to import the certificate. https://aws.amazon.com/premiumsupport/knowledge-center/import-ssl-certificate-to-iam/
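
An added example, not part of the original answer: the grep commands above show the key size but not the algorithm, and `openssl rsa` only reads RSA keys. The functions below parse `openssl x509 -text -noout` output for both values and compare them with an allowlist; the function names, the constructed sample excerpts and the single allowlist entry are assumptions, and the real allowlist should be filled in from the AWS page linked in the answer.

```shell
#!/bin/sh
# cert_key_info: read `openssl x509 -text -noout` output on stdin and print
# "<algorithm> <bits>", e.g. "rsaEncryption 2048" or "id-ecPublicKey 384".
cert_key_info() {
    awk '
        /Public Key Algorithm:/ { alg = $NF }
        /Public-Key: \(/ {
            # OpenSSL 1.1.x prints "RSA Public-Key: (2048 bit)",
            # OpenSSL 3.x prints "Public-Key: (2048 bit)"; accept both.
            bits = $0
            sub(/.*Public-Key: \(/, "", bits)
            sub(/ bit.*/, "", bits)
        }
        END {
            if (alg == "" || bits == "") exit 1   # not certificate text
            print alg, bits
        }'
}

# key_allowed: succeed only if the key described on stdin matches one line of
# the allowlist in $1 (one "<algorithm> <bits>" pair per line).
key_allowed() {
    allowlist=$1
    info=$(cert_key_info) || { echo "could not parse key info" >&2; return 2; }
    if printf '%s\n' "$allowlist" | grep -Fxq -- "$info"; then
        echo "OK: $info"
    else
        echo "NOT IN ALLOWLIST: $info"
        return 1
    fi
}

# Placeholder allowlist (assumption): replace with the algorithms and sizes
# listed on the AWS page linked in the answer.
EXAMPLE_ALLOWLIST='rsaEncryption 2048'

# Constructed excerpts of openssl output, used only to exercise the parser.
SAMPLE_RSA='        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)'
SAMPLE_EC='        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                ASN1 OID: secp384r1'

# Real use:
#   openssl x509 -in certificate.crt -text -noout | key_allowed "$EXAMPLE_ALLOWLIST"
```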
