Importing a certificate into AWS ACM using Python

Date: 2020-07-19 02:17:55

Tags: python amazon-web-services aws-acm

I am importing an OpenSSL certificate into AWS ACM using Python. I always get this error:

Response:
{
      "errorMessage": "An error occurred (ValidationException) when calling the ImportCertificate operation: The certificate field contains more than one certificate. You can specify only one certificate in this field.",
      "errorType": "ClientError",
      "stackTrace": [
        "  File \"/var/task/lambda_function.py\", line 7, in lambda_handler\n    response = client.import_certificate(\n",
        "  File \"/var/runtime/botocore/client.py\", line 316, in _api_call\n    return self._make_api_call(operation_name, kwargs)\n",
        "  File \"/var/runtime/botocore/client.py\", line 626, in _make_api_call\n    raise error_class(parsed_response, operation_name)\n"
      ]
}

Here is my code:

import boto3

client = boto3.client('acm')

def lambda_handler(event, context):
    response = client.import_certificate(
        Certificate='sample.vpn.crt',
        PrivateKey='sample.vpn.key',
        CertificateChain='ca.crt'
    )

Any help would be greatly appreciated.

2 answers:

Answer 0 (score: 1)

As described in the boto3 docs, the three parameters should not be of type string but bytes. The trick for me was to read the certificate files from the package, like this:

import boto3

client = boto3.client('acm')

def lambda_handler(event, context):
    # Read each PEM file in binary mode so the values are bytes, not str.
    with open('sample.vpn.crt', 'rb') as f:
        certificate = f.read()
    with open('sample.vpn.key', 'rb') as f:
        privatekey = f.read()
    with open('ca.crt', 'rb') as f:
        chain = f.read()

    # Pass the file contents, not the file names.
    response = client.import_certificate(
        Certificate=certificate,
        PrivateKey=privatekey,
        CertificateChain=chain
    )
    return response

Unfortunately, the error message is somewhat misleading in this case. If you still get the same error message, make sure your certificate files are in the format ACM requires. You can test this by trying to import the certificate through the ACM console. If you get the same error there, follow the steps AWS provides on this troubleshooting page.

Answer 1 (score: 1)

The error occurs because you should pass the value of the certificate, not the file name:

    CertificateArn='string',
    Certificate=b'bytes',
    PrivateKey=b'bytes',

So you can try the following:

import boto3

client = boto3.client('acm')

# Read the certificate, key and chain as bytes (binary mode), matching the b'bytes' type in the docs.
with open('sample.vpn.crt', 'rb') as f:
    crt = f.read()

with open('sample.vpn.key', 'rb') as f:
    key = f.read()

with open('ca.crt', 'rb') as f:
    chain = f.read()

response = client.import_certificate(
    Certificate=crt,
    PrivateKey=key,
    CertificateChain=chain)
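Both answers make the same point: ImportCertificate wants the PEM contents as bytes, one certificate in the Certificate field, the issuers in CertificateChain, and an unencrypted private key. The helper below, an added example that is not from the question or either answer, reads the files the way the answers do and checks those conditions before calling boto3, so a wrong-typed argument or a bundled "fullchain" file fails locally with a clear message instead of the misleading ValidationException. If a bundle is passed as the certificate, it moves the extra blocks into CertificateChain. The function names, the PEM parser and the placeholder PEM bodies are all constructed for this example; the bodies are not real certificates or keys.

```python
import re
from typing import Dict, List, Tuple

# One PEM block: BEGIN/END lines with the same label and a body in between.
_PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z ]+)-----\r?\n.+?\r?\n-----END \1-----", re.DOTALL
)


def pem_blocks(data: bytes) -> List[Tuple[bytes, bytes]]:
    """Return (label, block) for every PEM block in file order, each block newline-terminated."""
    return [(m.group(1), m.group(0) + b"\n") for m in _PEM_BLOCK.finditer(data)]


def prepare_import_args(certificate: bytes, private_key: bytes, chain: bytes = b"") -> Dict[str, bytes]:
    """Build the kwargs for client.import_certificate(), rejecting inputs ACM would reject.

    - Every field must be bytes (a file name or a text-mode str is the error in the question).
    - Certificate must hold exactly one CERTIFICATE block; if a bundle is passed, the first
      block (the leaf) stays in Certificate and the rest is moved into CertificateChain.
    - PrivateKey must be a single unencrypted PRIVATE KEY block.
    """
    for name, value in (("Certificate", certificate), ("PrivateKey", private_key), ("CertificateChain", chain)):
        if not isinstance(value, (bytes, bytearray)):
            raise TypeError(f"{name} must be bytes read with open(path, 'rb'), got {type(value).__name__}")

    blocks = pem_blocks(certificate)
    certs = [block for label, block in blocks if label == b"CERTIFICATE"]
    if not certs or len(certs) != len(blocks):
        raise ValueError("Certificate must contain at least one block, all of type CERTIFICATE")
    leaf, extra = certs[0], b"".join(certs[1:])

    keys = pem_blocks(private_key)
    if len(keys) != 1 or not keys[0][0].endswith(b"PRIVATE KEY"):
        raise ValueError("PrivateKey must contain exactly one PRIVATE KEY block")
    if keys[0][0] == b"ENCRYPTED PRIVATE KEY":
        raise ValueError("ACM requires an unencrypted private key")

    chain_blocks = pem_blocks(chain)
    if any(label != b"CERTIFICATE" for label, _ in chain_blocks):
        raise ValueError("CertificateChain may contain only CERTIFICATE blocks")
    full_chain = extra + b"".join(block for _, block in chain_blocks)

    args = {"Certificate": leaf, "PrivateKey": keys[0][1]}
    if full_chain:
        args["CertificateChain"] = full_chain
    return args


def import_from_files(client, cert_path: str, key_path: str, chain_path: str = None):
    """Read the PEM files as bytes and call ACM ImportCertificate with validated arguments."""
    with open(cert_path, "rb") as f:
        cert = f.read()
    with open(key_path, "rb") as f:
        key = f.read()
    chain = b""
    if chain_path:
        with open(chain_path, "rb") as f:
            chain = f.read()
    return client.import_certificate(**prepare_import_args(cert, key, chain))


# Constructed placeholder PEM blocks for offline demonstration; the bodies are not real DER.
SAMPLE_LEAF = b"-----BEGIN CERTIFICATE-----\nTEVBRi1QTEFDRUhPTERFUg==\n-----END CERTIFICATE-----\n"
SAMPLE_INTERMEDIATE = b"-----BEGIN CERTIFICATE-----\nSU5URVJNRURJQVRF\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = b"-----BEGIN RSA PRIVATE KEY-----\nS0VZLVBMQUNFSE9MREVS\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_BUNDLE = SAMPLE_LEAF + SAMPLE_INTERMEDIATE  # shape of a "fullchain" file


if __name__ == "__main__":
    # Offline check: a bundle in the Certificate slot is split into leaf + chain.
    args = prepare_import_args(SAMPLE_BUNDLE, SAMPLE_KEY)
    print(sorted(args), len(args["CertificateChain"]))
    # Against AWS (needs credentials and the files from the question):
    # import boto3
    # print(import_from_files(boto3.client("acm"), "sample.vpn.crt", "sample.vpn.key", "ca.crt"))
```

In a Lambda function the file paths are relative to the deployment package, as in the answers; `import_from_files` is what `lambda_handler` would call. The validation is deliberately stricter than boto3's own serializer, which silently accepts a `str`, so that a file opened with `'r'` is caught before the request is sent.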