在一个EC2实例安装SSL证书 [英] Setup an SSL certificate on an EC2 instance

问题描述

我在困难时期试图建立一个SSL证书（这是一个魔岛PositiveSSL从NameCheap purshased）在我的EC2实例微（我使用的是亚马逊的Linux AMI 2012.3，这是基于CentOS的，如果我没有记错）。

下面是我所做的：

1. 我安装了mod_ssl＆放大器; OpenSSL的

2. 我启用端口443对我的EC2的实例安全小组

3. 我CHMODed的* .KEY和放大器; * .crt的文件，以777为科摩多建议

4. 我敢肯定的IP地址和放大器;文件的路径是正确的（放了一堆 0的例子，但它的是在我的ssl.conf正确的）

5. 我加入这个虚拟主机条目的ssl.conf

---

 ＆LT;虚拟主机00.000.000.00:443>
   #############我都尝试用和放大器;没有这部分##############
   服务器名www.mydomain.com:443

   ServerAlias​​ www.mydomain.com
   的DocumentRoot的/ var / WWW
   的ServerAdmin webmaster@mydomain.com
   ################################################## ####################

   的SSLEngine上
   了SSLCertificateKeyFile /etc/ssl/mydomain_com.key
   了SSLCertificateFile /etc/ssl/mydomain_com.crt
   SSLCertificateChainFile /etc/ssl/mydomain_com.ca-bundle
＆LT; /虚拟主机＆GT;
 

---

然后我重新启动Apache的 ...但我的还是老样子不能访问 https：//开头www.mydomain.com/ ！

我检查了 ssltool.com ，它说：

 证书上的名称为：IP-00-00-00-000

证书链组成：
SomeOrganization，IP-00-00-00-000。截止日期：4月10日13时39分41秒2013 GMT  - 这是从今天363天。
该网站测试mydomain.com是不一样的主题CN的IP-00-00-00-000！
 

我还跟＆放大器;复制VistualHost到httpd.conf文件代替的ssl.conf和放大器;重新启动的阿帕奇，一切都是徒劳的。

我一直在敲打我的头靠在墙上天了。我是pretty的肯定，我错过了微小的东西，使这项工作，我只是不知道究竟是什么。

我会无限感激，如果有人能提出好的建议，使这项工作！

解决方案

有时候，这部分

 ＆LT;虚拟主机_default_：443＆GT;
 

prevents 的被利用你的真正的SSL证书。如果是这样的情况下，或者评论虚拟主机的默认的或移动SSLCertificate *赋予它的，即

 ＆LT;虚拟主机_default_：443＆GT;
  了SSLCertificateKeyFile /etc/ssl/mydomain_com.key
  了SSLCertificateFile /etc/ssl/mydomain_com.crt
  SSLCertificateChainFile /etc/ssl/mydomain_com.ca-bundle
＆LT; /虚拟主机＆GT;
 

请确保你在那之后重新启动Apache。

I'm having hard time trying to setup an SSL certificate (it's a Comodo PositiveSSL purshased from NameCheap) on my EC2 micro instance (I'm using Amazon Linux AMI 2012.3, which is based on CentOS if I'm not mistaken).

Here's what I did:

1. I installed mod_ssl & OpenSSL

2. I enabled port 443 on my EC2's instance security group

3. I CHMODed the *.key & *.crt files to 777 as Comodo suggested

4. I'm certain the IP address & files path are correct (put a bunch of 0s in the example but it is correct in my ssl.conf)

5. I added this VirtualHost entry to ssl.conf

---

<VirtualHost 00.000.000.00:443>
   ############# I tried both with & without this section ##############
   ServerName www.mydomain.com:443

   ServerAlias www.mydomain.com
   DocumentRoot /var/www
   ServerAdmin webmaster@mydomain.com
   ######################################################################

   SSLEngine on
   SSLCertificateKeyFile /etc/ssl/mydomain_com.key
   SSLCertificateFile /etc/ssl/mydomain_com.crt
   SSLCertificateChainFile /etc/ssl/mydomain_com.ca-bundle
</VirtualHost>

---

Then I restarted apache...but I stil cannot access https://www.mydomain.com/ !!!

I checked with ssltool.com, it says

The Common Name on the certificate is: ip-00-00-00-000

The certificate chain consists of:
SomeOrganization, ip-00-00-00-000. Expires on: Apr 10 13:39:41 2013 GMT - that's 363 days from today.
The site tested mydomain.com is NOT the same as the Subject CN ip-00-00-00-000!.

I even went & copied the VistualHost to httpd.conf instead of ssl.conf & restarted apache, all in vain.

I've been banging my head against the wall for days now. I'm pretty sure I'm missing a tiny something to make this work, I just don't know what exactly.

I'd be infinitely grateful if someone can suggest something to make this work!

解决方案

Sometimes this section

<VirtualHost _default_:443>

prevents your real SSL certificate from being used. If this is the case either comment VirtualHost default or move the SSLCertificate* attributes to it, ie.

<VirtualHost _default_:443>
  SSLCertificateKeyFile /etc/ssl/mydomain_com.key
  SSLCertificateFile /etc/ssl/mydomain_com.crt
  SSLCertificateChainFile /etc/ssl/mydomain_com.ca-bundle
</VirtualHost>

Make sure you restart apache after that.

这篇关于在一个EC2实例安装SSL证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！