How to add SSL certificate to AWS EC2 with the help of new AWS Certificate Manager service

Problem description

AWS has come up with a new service AWS Certificate Manager. One thing I got from the description is that if we are using this service we don't have to pay for the certificate anymore.

They are providing certificates for Elastic Load Balancer (ELB) and CloudFront, but I didn't find EC2 anywhere.

Is there any way to use the certificate with EC2?

Recommended answer

Q: Can I use certificates on Amazon EC2 instances or on my own servers?

No. At this time, certificates provided by ACM can only be used with specific AWS services.

Q: With which AWS services can I use certificates provided by ACM?

You can use ACM with the following AWS services:

• Elastic Load Balancing

• Amazon CloudFront

• AWS Elastic Beanstalk

• Amazon API Gateway

https://aws.amazon.com/certificate-manager/faqs/

You can't install the certificates created by Amazon Certificate Manager (ACM) on resources you have direct low-level access to, like EC2 or servers outside of AWS, because you aren't provided with access to the private keys. These certs can only be deployed on resources managed by the AWS infrastructure -- ELB and CloudFront -- because the AWS infrastructure holds the only copies of the private keys for the certificates that it generates, and maintains them under tight security with auditable internal access controls.

You'd have to have your EC2 machines listening behind CloudFront or ELB (or both, cascaded, would also work) in order to use these certs for content coming from EC2... because you can't install these certs directly on EC2 machines.
