I can't add my Comodo SSL certificate to AWS CloudFront. I am getting an error.
I received the following files:
AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSAOrganizationValidationSecureServerCA.crt
STAR_myapp_com.crt
I also have the private key.
Following this blog: https://guillaumemaka.com/2015/05/06/install-your-comodo-certificates-to-amazon-aws.html
openssl x509 -in ./AddTrustExternalCARoot.crt -outform pem -out ./pem/AddTrustExternalCARoot.pem
openssl x509 -in ./COMODORSAAddTrustCA.crt -outform pem -out ./pem/COMODORSAAddTrustCA.pem
openssl x509 -in ./COMODORSAOrganizationValidationSecureServerCA.crt -outform pem -out ./pem/COMODORSAOrganizationValidationSecureServerCA.pem
openssl x509 -in ./cdn_guillaumemaka_com.crt -outform pem -out ./pem/cdn_guillaumemaka_com.pem
openssl rsa -in ./private.key -outform PEM -out private.key.pem
Now, I created the certificate chain using the following commands:
$ cat ./pem/COMODORSADomainValidationSecureServerCA.pem > ./pem/CAChain.pem
$ cat ./pem/COMODORSAAddTrustCA.pem >> ./pem/CAChain.pem
$ cat ./pem/AddTrustExternalCARoot.pem >> ./pem/CAChain.pem
Finally, I uploaded the certificate using:
aws iam upload-server-certificate --server-certificate-name CDNServerCertificate --certificate-body file://cdn_guillaumemaka_com.pem --private-key file://private.key.pem --certificate-chain file://CAChain.pem --path /cloudfront/production/
When I try to add this to my CloudFront distribution, I get this error:
com.amazonaws.services.cloudfront.model.InvalidViewerCertificateException: The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain. (Service: AmazonCloudFront; Status Code: 400; Error Code: InvalidViewerCertificate; Request ID: 90ee29ae-068e-11e8-xxxx-62197a5115b7)
How do I create a valid certificate bundle?
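
Added example, not part of the original question or the linked blog: a POSIX shell pre-upload check for the files produced by the steps above, assuming `openssl` and `awk` are installed. It confirms that the private key belongs to the leaf certificate and that each certificate's issuer name is the subject name of the next certificate in the chain file; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: pre-upload checks for a leaf certificate, its key and a CA chain.
# Function names are hypothetical; requires openssl and awk.

# split_bundle BUNDLE DIR: write each cert in a PEM bundle to DIR/N.pem, print the count.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/" n ".pem" }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
        END { print n + 0 }' "$1"
}

# key_matches_cert CERT KEY: succeed only if both carry the same public key.
key_matches_cert() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# chain_is_ordered LEAF CHAIN: succeed only if every certificate's issuer name is the
# subject name of the next one (leaf -> intermediate(s) -> root). Names only; signatures
# are not verified here.
chain_is_ordered() {
    tmp=$(mktemp -d) || return 2
    count=$(split_bundle "$2" "$tmp")
    prev=$1; i=1; rc=0
    [ "$count" -gt 0 ] || rc=1
    while [ "$i" -le "$count" ]; do
        want=$(openssl x509 -in "$prev" -noout -issuer_hash 2>/dev/null)
        have=$(openssl x509 -in "$tmp/$i.pem" -noout -subject_hash 2>/dev/null)
        if [ -z "$want" ] || [ "$want" != "$have" ]; then
            echo "chain entry $i is not the issuer of the certificate before it" >&2
            openssl x509 -in "$prev" -noout -issuer >&2
            rc=1; break
        fi
        prev="$tmp/$i.pem"; i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

# Usage with the file names from the post:
#   key_matches_cert ./pem/cdn_guillaumemaka_com.pem ./private.key.pem
#   chain_is_ordered ./pem/cdn_guillaumemaka_com.pem ./pem/CAChain.pem
```

The first comparison in `chain_is_ordered` is between the leaf's issuer and the first certificate in `CAChain.pem`, so a chain assembled from an intermediate other than the one that issued the leaf fails at entry 1.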