有相关的麻烦SSL证书与Amazon的Cloudfront [英] Having trouble associated SSL cert with Amazon Cloudfront
问题描述
我试图用的Cloudfront自定义SSL证书关联。我上传到IAM的证书,privatekey和链。我给它的/ CloudFront的上传路径。
I'm trying to associate a custom SSL certificate with Cloudfront. I uploaded it to IAM with the cert, privatekey, and chain. I gave it an upload path of /cloudfront.
我还要求,并收到了来自AWS使用自定义的SSL用的Cloudfront许可。
I have also requested and received permission from AWS to use custom SSL with Cloudfront.
然而,当我在CloudFront的控制台,并试图将证书关联,我得到的时候我preSS的是的,编辑按钮后续的错误。
However, when I'm in the cloudfront console, and trying to associate the certificate, I get the follow error when I press the "Yes, Edit" button.
指定浏览器证书不存在或无效。 (检查附图片)
"The specified viewer certificate does not exist or is not valid." (check attached image)
我已经购买从DNSimple通配符证书,并遵循这些指令(<一href="https://devcenter.heroku.com/articles/ssl-certificate-dnsimple">https://devcenter.heroku.com/articles/ssl-certificate-dnsimple)
I've purchased a wildcard cert from DNSimple, and followed these instructions (https://devcenter.heroku.com/articles/ssl-certificate-dnsimple)
有任何想法如何前进?我可能会错误地使我的证书,但我不知道如何调试这一点。难道我已经正确地做了我的证书,也只是有毛病我AWS账户或的Cloudfront配置?
Is there any idea how to go forward? I might have made my certificate incorrectly, but I have no idea how to debug this. Is it possible that I've made my certificate correctly, and there is just something wrong with my aws account or Cloudfront configuration?
谢谢!
推荐答案
所以我想通了这个问题!
So I figured out the problem!
DNSimple默认情况下,使你成为一个2432位的密钥,这比2048位的最大尺寸,亚马逊允许较大。如果你想测试你的密钥和证书的大小,运行以下命令:
DNSimple by default makes you a 2432 bit key, which is larger than the max size of 2048bit that Amazon allows. If you want to test the size of your key and cert, run the following:
私有密钥:
OpenSSL的RSA -in private.key -text -noout
例:专用密钥:(2048位)
Example: Private-Key: (2048 bit)
证书:
OpenSSL的X509 -in public.cert -text -noout
输出示例:公钥:(2048位)
Example output: Public-Key: (2048 bit)
每个命令的输出会告诉你,这是有多少位。如果从DNSimple买了一个SSL证书,可以留言他们,他们可以重新授权的证书/键具有不同的尺寸。
The output of each command will tell you how many bits it is. If you bought a SSL cert from DNSimple, you can message them and they can reauthorize your cert/key with a different size.
这样做了以后,你的证书和你的Cloudfront分布关联应该工作。
After doing this, associating your cert with your Cloudfront distribution should work.
这篇关于有相关的麻烦SSL证书与Amazon的Cloudfront的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
