Having trouble associating SSL cert with Amazon Cloudfront


Problem description

I'm trying to associate a custom SSL certificate with Cloudfront. I uploaded it to IAM with the cert, private key, and chain. I gave it an upload path of /cloudfront.

I have also requested and received permission from AWS to use custom SSL with Cloudfront.

However, when I'm in the Cloudfront console and trying to associate the certificate, I get the following error when I press the "Yes, Edit" button.

"The specified viewer certificate does not exist or is not valid." (check attached image)

I've purchased a wildcard cert from DNSimple, and followed these instructions (https://devcenter.heroku.com/articles/ssl-certificate-dnsimple)

Is there any idea how to go forward? I might have made my certificate incorrectly, but I have no idea how to debug this. Is it possible that I've made my certificate correctly, and there is just something wrong with my AWS account or Cloudfront configuration?

Thanks!

Recommended answer

So I found the problem!

DNSimple by default makes you a 2432 bit key, which is larger than the max size of 2048 bit that Amazon allows. If you want to test the size of your key and cert, run the following:

Private key:

openssl rsa -in private.key -text -noout

Example: Private-Key: (2048 bit)

Certificate:

openssl x509 -in public.cert -text -noout

Example output: Public-Key: (2048 bit)

The output of each command will tell you how many bits it is. If you bought an SSL cert from DNSimple, you can message them and they can reauthorize your cert/key with a different size.

After doing this, associating your cert with your Cloudfront distribution should work.
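
The two checks above combined into one script, as an added example that is not part of the original answer: it reads the bit size from the key and from the certificate, also confirms that the certificate belongs to the key (a step beyond what the answer covers), and compares the size with the 2048-bit limit the answer reports. The function names, the `MAX_BITS` variable and the self-signed sample pair are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original answer.
# MAX_BITS is the 2048-bit limit the answer reports; file names follow the answer.
MAX_BITS=2048

# Print the size in bits of a PEM RSA private key.
key_bits() {
  openssl rsa -in "$1" -noout -text 2>/dev/null |
    sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Print the size in bits of the public key inside a PEM certificate.
cert_bits() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# check_pair KEY CERT: prints ok:<bits>, too-large:<bits>, mismatch or unreadable.
check_pair() {
  cp_kb=$(key_bits "$1"); cp_cb=$(cert_bits "$2")
  if [ -z "$cp_kb" ] || [ -z "$cp_cb" ]; then echo "unreadable"; return 2; fi
  # The certificate must carry the public half of this private key.
  cp_km=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
  cp_cm=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null)
  if [ "$cp_km" != "$cp_cm" ]; then echo "mismatch"; return 1; fi
  if [ "$cp_kb" -gt "$MAX_BITS" ]; then echo "too-large:$cp_kb"; return 1; fi
  echo "ok:$cp_kb"
}

# Constructed sample: self-signed pair of the given size (make_sample BITS DIR).
make_sample() {
  openssl req -x509 -newkey "rsa:$1" -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$2/private.key" -out "$2/public.cert" >/dev/null 2>&1
}

if [ "$#" -eq 2 ]; then
  check_pair "$1" "$2"
else
  # No arguments: demonstrate on a constructed 2432-bit pair.
  demo_dir=$(mktemp -d)
  make_sample 2432 "$demo_dir"
  check_pair "$demo_dir/private.key" "$demo_dir/public.cert"
  rm -rf "$demo_dir"
fi
```

Run it as `sh check.sh private.key public.cert` before uploading the pair; the exit status is non-zero when the pair is unreadable, mismatched or over the limit.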
