"Public key certificate and private key doesn't match" when using Godaddy issued certificate


Problem description

I'm trying to install a GoDaddy SSL certificate on a new load balancer I'm setting up on Amazon AWS. I originally created the certificate at Godaddy using the keytool program for direct installation on a Glassfish 3.1 server (Amazon linux ami). I had no problems getting that setup directly on the server. I now need to move the certificate from the web server to the new load balancer. Amazon requires the private key and certs to be in PEM format, so I used the "rekey" tool at GoDaddy to create new certs. When I load those in the load balancer setup screen on AWS Mgmt Console, I get the error message: "Public Key Certificate and Private Key doesn't match."

Here is how I'm creating the keys:

$ openssl genrsa -des3 -out private.key 2048
$ openssl req -new -key private.key -out apps.mydomain.com.csr

I then submit the .csr file to GoDaddy during the "rekey" process. Once the rekey is complete, I download the 2 newly created certs (apps.mydomain.com.crt & gd_bundle.crt). I download them selecting (Apache) as the type of server (I've also tried "other" and "Cpanel" but they all look to be the same).

At this point, I remove the encryption from the private.key file by using the following command:

$ openssl rsa -in private.key -out private.pem

At this point, I go back into the AWS Mgmt console, create the load balancer, add the secure server redirect and put the contents of the following files in the respective fields on the screen where it asks to setup the ssl certificate:

private.pem --> Private Key
apps.mydomain.com.crt --> Public Key Certificate
gd_bundle.crt --> Certificate Chain

When I click the "continue button" I get the error "Error: Public Key Certificate and Private Key doesn't match."

-Is there a way that I can test that I'm getting a valid error message from Amazon? It seems odd to me that the keys wouldn't match when I'm following GoDaddy's instructions pretty closely.

I've tried creating the private.key file without RSA encryption prior to creating the .csr and that doesn't seem to make any difference.

I'm also assuming that the .crt files I'm downloading from GoDaddy are in .PEM format, but I'm not sure how to verify this.

Any ideas?

Recommended answer

Looks like the issue was the way in which I was copying the contents of the key and certs into the AWS Management console. I was using an Ubuntu desktop running in Virtual Box on a Windows 7 desktop; copying and pasting the values from a gedit screen into the browser running on the Windows box. Once I opened the key and cert files on the same box as the web browser (Windows in this case) the certs went through just fine. I'm guessing some parts of the file aren't making it over correctly when using the shared clipboard between Virtual Box client and host. Case closed.
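
The two checks the question asks about (is the .crt file PEM, and does it belong to the private key) can be run locally with openssl before anything is pasted into a console. The script below is an added example, not part of the original post; the function names and the sample files it generates are hypothetical, and it assumes an unencrypted private key such as the private.pem produced above.

```shell
#!/bin/sh
# Added example (not from the original post): local checks to run before
# pasting a key and certificate into a web console.

# True if the file is PEM text that parses as an X.509 certificate.
is_pem_cert() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" &&
        openssl x509 -in "$1" -noout 2>/dev/null
}

# True if the certificate's public key equals the one derived from the
# (unencrypted) private key. A file that fails to parse counts as a mismatch.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample input: a throwaway key and self-signed certificate in
# directory $1, an unrelated key, and a copy of the certificate with one
# base64 line dropped, as a lossy clipboard transfer could do.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=apps.example.test' \
        -keyout "$1/private.pem" -out "$1/cert.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.pem" 2048 2>/dev/null &&
    sed '5d' "$1/cert.crt" > "$1/cert_damaged.crt"
}

# Usage: sh check_pair.sh apps.mydomain.com.crt private.pem
if [ "$#" -eq 2 ]; then
    is_pem_cert "$1" || { echo "certificate is not valid PEM"; exit 1; }
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match"; exit 1; }
    echo "certificate is PEM and matches the key"
fi
```

If both checks pass on the files on disk but the console still reports a mismatch, the difference was introduced between the file and the form field, which is what the answer above found.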
