Amazon S3 - HTTPS/SSL - 有可能吗? [英] Amazon S3 - HTTPS/SSL - Is it possible?

问题描述

我看到了一些与此相关的其他问题，但没有任何真正的答案或信息(或者看起来如此).

I saw a few other questions regarding this without any real answers or information (or so it appeared).

我在这里有一张图片:
http://furniture.retailcatalog.us/products/2061/6262u9665.jpg

重定向到:
http://furniture.retailcatalog.us.s3.amazonaws.com/products/2061/6262u9665.jpg

我需要它 (https):
https://furniture.retailcatalog.us/products/2061/6262u9665.jpg

I need it to be (https):
https://furniture.retailcatalog.us/products/2061/6262u9665.jpg

所以我在retailcatalog.us(我们有其他子域)上安装了通配符ssl，但它不起作用.我去检查
https://furniture.retailcatalog.us.s3.amazonaws.com/products/2061/6262u9665.jpg

So I installed a wildcard ssl on retailcatalog.us (we have other subdomains), but it wasn't working. I went to check
https://furniture.retailcatalog.us.s3.amazonaws.com/products/2061/6262u9665.jpg

而且它不起作用，这意味着在 Amazon S3 网站本身上，https 不起作用.

And it wasn't working, which means on the Amazon S3 website itself the https wasn't working.

我该如何完成这项工作?

How do I make this work?

推荐答案

这是我从他们的高级服务中得到的回复

This is a response I got from their Premium Services

你好

这实际上是 SSL 验证包含句点、."、> 的名称的方式的问题.特点.我们已在此处记录了此行为:

This is actually a issue with the way SSL validates names containing a period, '.', > character. We've documented this behavior here:

http://docs.amazonwebservices.com/AmazonS3/latest/dev/BucketRestrictions.html

对此唯一直接的解决方法是使用不包含该字符的存储桶名称.您可以改为使用名为furniture-retailcatalog-us"的存储桶.这将允许您使用 HTTPS 与

The only straight-forward fix for this is to use a bucket name that does not contain that character. You might instead use a bucket named 'furniture-retailcatalog-us'. This would allow you use HTTPS with

https://furniture-retailcatalog-us.s3.amazonaws.com/

当然，您可以添加 CNAME DNS 记录以使其更友好.例如，

You could, of course, put a CNAME DNS record to make that more friendly. For example,

images-furniture.retailcatalog.us IN CNAME Furniture-retailcatalog-us.s3.amazonaws.com.

images-furniture.retailcatalog.us IN CNAME furniture-retailcatalog-us.s3.amazonaws.com.

希望有所帮助.如果您有任何其他问题，请告诉我们.

Hope that helps. Let us know if you have any other questions.

亚马逊网络服务

不幸的是你的友好"CNAME 在验证证书时会导致主机名不匹配，因此您不能真正将其用于安全连接.S3 缺少的一个重要功能是接受域的自定义证书.

Unfortunately your "friendly" CNAME will cause host name mismatch when validating the certificate, therefore you cannot really use it for a secure connection. A big missing feature of S3 is accepting custom certificates for your domains.

更新 10/2/2012

来自@mpoisot:

From @mpoisot:

亚马逊提供的链接不再提及 https.我在 S3 文档中四处寻找，最后在虚拟主机页面上找到了一个关于它的小注释:http://docs.amazonwebservices.com/AmazonS3/latest/dev/VirtualHosting.html

The link Amazon provided no longer says anything about https. I poked around in the S3 docs and finally found a small note about it on the Virtual Hosting page: http://docs.amazonwebservices.com/AmazonS3/latest/dev/VirtualHosting.html

更新 6/17/2013

来自@Joseph Lust:

From @Joseph Lust:

刚收到！检查并注册邀请:http://aws.amazon.com/cloudfront/custom-ssl-domains

Just got it! Check it out and sign up for an invite: http://aws.amazon.com/cloudfront/custom-ssl-domains

这篇关于Amazon S3 - HTTPS/SSL - 有可能吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！