为自定义域启用 SSL 时,子域未在 Google App Engine 中列出 [英] Sub domain not listed in Google App Engine while enabling SSL for custom domains
问题描述
我一直在尝试在 GAE 中的应用程序的子域上使用我自己的 SSL 证书.我已成功创建证书,并且能够为除一个子域之外的所有子域启用它.
I have been trying to use my own SSL certificate on subdomains for my app in GAE. I have successfully created the certificate and was able to enable it for all but one subdomain.
假设我的域是 domain.com.我能够为 domain.com、www.domain.com、subdomain.domain.com 启用 SSL 证书,但由于某种原因,www.subdomain.domain.com 未显示在我的证书的潜在自定义域列表中.在这种情况下,我无法通过 https://www.subdomain.domain.com 访问我的网站但可以通过 https://subdomain.domain.com.
Let's say my domain is domain.com. I was able to enable the SSL certificate for domain.com, www.domain.com, subdomain.domain.com but for some reason, www.subdomain.domain.com does not show in the list of potential custom domains for my certificate. In this situation, I can not access my website through https://www.subdomain.domain.com but can through https://subdomain.domain.com.
另外,我可以为这个子域激活谷歌管理的证书,使 https://www.subdomain.domain.com 可访问,但当然,这不是我想要的.关于如何在我的证书的域列表中显示 www.subdomain.domain.com 以便随后能够打开它的任何线索?
Also, I can activate a google managed certificate for this subdomain, making https://www.subdomain.domain.com accessible, but of course, this is not what I want. Any clue on how to make www.subdomain.domain.com visible in the domains list of my certificate in order to then be able to turn it on?
这篇文章报告了一个与这个类似的问题.可悲的是,没有人提供答案,我也没有足够的声誉对此发表评论......
This post is reporting a similar issue than this one. Sadly, no one has provided an answer and I do not have enough reputation to comment on it...
推荐答案
多级域可能很棘手.从获得的证书类型开始.来自 RFC 2818(重点是我的):
Multi-level domains may be tricky. Starting with the type of the certificate obtained. From RFC 2818 (emphasis mine):
名称可能包含通配符 *,它被认为是匹配任何单个域名组件或组件片段.例如,*.a.com 匹配 foo.a.com 但不匹配 bar.foo.a.com. f*.com匹配 foo.com 但不匹配 bar.com.
Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g.,
*.a.commatchesfoo.a.combut notbar.foo.a.com. f*.com matches foo.com but not bar.com.
我怀疑这就是导致您遇到麻烦的原因.Google 还在 App Engine 支持中提到SSL 证书:
I suspect this is what's causing your trouble. Google also mentions in App Engine support for SSL certificates:
通配符证书仅支持一级子域.
Wildcard certificates only support one level of subdomain.
在尝试使用 google 管理的证书时,证书很可能是为相应域生成的,而不是通配符,因此不会出现上述引用中提到的问题.
When trying the google-managed certificate the certificate is likely generated exactly for the respective domain, not a wildcard one, thus not having the problem mentioned in the above quote.
我能想到的唯一方法是为每个域级别获取单独的通配符证书.但是,如果您将用户定向到不同域级别的站点,这可能会出现问题,因为证书会发生变化.
The only way I can think of to get this working is to obtain a separate wildcard certificate for the each domain level. But that could be a problem if you direct users to sites at different domain levels, as the certificate would change.
就我个人而言,我只是将我的域名安排在一个域级别中,并避免所有这些问题.也许用 www-subdomain.domain.com 而不是 www.subdomain.domain.com 之类的东西?
Personally I'd just arrange my domain names to be contained into just one domain level and avoid all these issues. Maybe with something like www-subdomain.domain.com instead of www.subdomain.domain.com?
这篇关于为自定义域启用 SSL 时,子域未在 Google App Engine 中列出的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
