问题
I'm having trouble. I followed a guide that I found here
http://www.thenetworkadministrator.net/index.php/2011/12/iis-ssl-certificate-into-amazon-elastic-load-balancer/
And exported by cert and created all those files, but it doesn't tell you which file goes in which field. I tried what I think is all the combinations but it doesn't accept it
I Setup the balancer as follows
Then I try to setup the certificate
Then you can see it tells me it's invalid.
In case it helps I exported from IIS and followed the tutorial on the link provided and the certificate is a DigiCert Wildcard Certificate ie (*.domain.com)
回答1:
Please read the post: AWS Load Balancer SSL limitations. The following solution worked for me:
openssl rsa -in server.key -text
Then copy and paste the produced output between (including):
-----BEGIN RSA PRIVATE KEY-----
and
-----END RSA PRIVATE KEY-----
AWS Load Balancer had accepted this key successfully.
回答2:
Hmmh, everything looks correct at first sight, but let's double check on a few details.
And exported by cert and created all those files, but it doesn't tell you which file goes in which field.
I can't quite follow, insofar the linked guide clearly states where to put he files:
When prompted for the certificate keys do the following:
- Open the file server.key that was created from above with openssl and paste into the Private Key textbox
- Open the file cert.pem that was created from above with openssl and copy the text from —-BEGIN till the end of the file and paste that into Public Key Certificate textbox
Note: I did not put anything into the certificate chain
The screenshot you provided indicates you have chosen the correct combination in fact, however ...
I tried what I think is all the combinations but it doesn't accept it
... I assume you have deliberately shortened the textarea input widgets for Private Key and Public Key Certificate to decrease image size or hide the actual keys? Otherwise the text to be pasted has mostly gone lost somehow, insofar it should look something like:
-----BEGIN CERTIFICATE-----
MIICeDCCAeGgAwIBAgIGAOABb24uY29tMQwwCgb3DQEBBQUAMFMxCzAJBgNVBAYT
[...]
A WHOLE LOT MORE HEX DIGITS HERE!
[...]
q04lCMxITAfBgNVBAMTAAJW26+adw9C063H7I846ZbxHl6BkcTPsjL3b5JoZhyim
jbzH4dktTFNIkX4o
-----END CERTIFICATE-----
In this regard another cause might be addressed by this answer to Public key and private cert don't match:
Looks like the issue was the way in which I was copying the contents of the key and certs into the AWS Management console. I was using an Ubuntu desktop running in Virtual Box [...] Once I opened the key and cert files on the same box as the web browser (Windows in this case) the certs went through just fine. I'm guessing some parts of the file aren't making it over correctly when using the shared clip board between Virtual Box client and host.
Given the high probability of special characters appearing in the hex dump, this is entirely possible for various similar copy&paste scenarios as well, e.g. between SSH terminals with erroneous character encoding settings etc.
回答3:
Simplest/most concise explanation that I have come across for creating a self-signed cert for AWS ELBs is...
openssl genrsa -out server_privatekey.pem 1024
openssl req -new -key server_privatekey.pem -out server_certificate_csr.pem
openssl x509 -req -days 3650 -in server_certificate_csr.pem -signkey server_privatekey.pem -out server_certificate.pem
And then in AWS;
Certificate Name: mycert
Private key: [content of server_privatekey.pem]
Public key: [content of server_certificate.pem]
Certificate Chain: [content of server_certificate_csr.pem]
Credit: https://forums.aws.amazon.com/message.jspa?messageID=381093
来源:https://stackoverflow.com/questions/8888042/install-wildcard-certificate-onto-aws-ec2-load-balancer