Imported SSL Cert not listed for ALB Listener

人走茶凉 posted on 2021-02-07 20:01:25

Question


I have created an SSL cert via DigiCert and imported to ACM. (I require the same SSL to be applied to both ALB and the Application, and since there's no way to import ACM certs, I had to follow this way)

I have successfully imported the SSL and can see it in the console. However, I cannot apply it to ALB 443 Listener.

  1. I provided the Cert ARN to the CloudFormation template and it fails, stating the certificate doesn't exist.

  2. I have tried to manually update the 443 Listener, but the cert is not listed.

  3. Since both failed, I have tried to import the cert in the ALB Listener console, but got the below error message. (However, certificate gets imported and I can see it in the console)

Updating listener failed. The imported certificate's configuration is not compatible and will not appear in the list of available certificates for your listeners. Select or upload a different certificate and try again.


Answer 1:


Did you check whether the SSL cert key algorithm is supported by the Application Load Balancer? These are the supported Algorithms:

Source: https://aws.amazon.com/premiumsupport/knowledge-center/elb-ssl-tls-certificate-https/

You can check the Key sizes using these commands:

$ openssl rsa -in secret.key -text -noout | grep "Private-Key"
Private-Key: (2048 bit)

$ openssl x509 -in certificate.crt -text -noout | grep "Public-Key"
RSA Public-Key: (2048 bit)

As mentioned by @aress-support, you can use IAM to import the certificate. https://aws.amazon.com/premiumsupport/knowledge-center/import-ssl-certificate-to-iam/




Answer 2:


There is a limitation on updating an HTTPS listener for your Application Load Balancer.

ACM supports RSA certificates with a 4096 key length and EC certificates. 
However, you cannot install these certificates on your load balancer through integration with ACM.

The solution is to try uploading these certificates to IAM in order to use them with your load balancer.

This should help.
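
The checks from both answers combined into one script, added here as an example and not part of the original answers. The function names and the `example.test` subject are made up; the routing rule (RSA 4096 and EC go to IAM) is the one stated in Answer 2, and only the 2048-bit RSA size from Answer 1's sample output is treated as known-good for ACM.

```shell
#!/usr/bin/env bash
# Added example: decide where a certificate can be imported for an ALB listener.

# Print "<ALG> <bits>" for a PEM certificate, e.g. "RSA 2048" or "EC 256".
cert_key_info() {
    local text alg bits
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    alg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    # OpenSSL 1.1 prints "RSA Public-Key: (2048 bit)", 3.x prints "Public-Key: (2048 bit)".
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    case "$alg" in
        rsaEncryption)  echo "RSA $bits" ;;
        id-ecPublicKey) echo "EC $bits" ;;
        *)              echo "OTHER $bits" ;;
    esac
}

# Routing rule from the answers above: RSA 4096 and EC certificates cannot be
# attached through the ACM integration, so they are uploaded to IAM instead.
# Any size the page does not name is reported as CHECK (see the AWS list).
import_target() {
    local info
    info=$(cert_key_info "$1") || return 1
    case "$info" in
        "RSA 4096"|"EC "*) echo "IAM" ;;
        "RSA 2048")        echo "ACM" ;;
        *)                 echo "CHECK" ;;
    esac
}

# Constructed sample input: a throwaway self-signed certificate.
# usage: make_sample_cert <rsa-bits|ec> <out.crt>
make_sample_cert() {
    local key rc
    key=$(mktemp) || return 1
    if [ "$1" = ec ]; then
        openssl ecparam -name prime256v1 -genkey -noout -out "$key"
    else
        openssl genrsa -out "$key" "$1" 2>/dev/null
    fi
    openssl req -x509 -new -key "$key" -subj "/CN=example.test" -days 1 -out "$2"
    rc=$?
    rm -f "$key"
    return "$rc"
}

# Usage: ./check_cert.sh certificate.crt
if [ "$#" -gt 0 ]; then
    echo "$(cert_key_info "$1") -> $(import_target "$1")"
fi
```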



Source: https://stackoverflow.com/questions/55410675/imported-ssl-cert-not-listed-for-alb-listener
