Question
I have created an SSL cert via DigiCert and imported to ACM. (I require the same SSL to be applied to both ALB and the Application, and since there's no way to import ACM certs, I had to follow this way)
I have successfully imported the SSL and can see it in the console. However, I cannot apply it to ALB 443 Listener.
I provided the Cert ARN to the CloudFormation template and it fails, stating the certificate doesn't exist.
I have tried to manually update the 443 Listener, but the cert is not listed.
Since both failed, I have tried to import the cert in the ALB Listener console, but got the below error message. (However, certificate gets imported and I can see it in the console)
Updating listener failed. The imported certificate's configuration is not compatible and will not appear in the list of available certificates for your listeners. Select or upload a different certificate and try again.
Answer 1:
Did you check whether the SSL cert key algorithm is supported by the Application Load Balancer? These are the supported algorithms:
Source: https://aws.amazon.com/premiumsupport/knowledge-center/elb-ssl-tls-certificate-https/
You can check the Key sizes using these commands:
$ openssl rsa -in secret.key -text -noout | grep "Private-Key"
Private-Key: (2048 bit)
$ openssl x509 -in certificate.crt -text -noout | grep "Public-Key"
RSA Public-Key: (2048 bit)
As mentioned by @aress-support, you can use IAM to import the certificate. https://aws.amazon.com/premiumsupport/knowledge-center/import-ssl-certificate-to-iam/
Answer 2:
There is a limitation on updating the HTTPS listener for your Application Load Balancer.
ACM supports RSA certificates with a 4096 key length and EC certificates.
However, you cannot install these certificates on your load balancer through integration with ACM.
The solution is to try uploading these certificates to IAM in order to use them with your load balancer.
This should help.
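The two answers together suggest one concrete check: look at the certificate's public-key algorithm and size (answer 1's openssl commands) and compare it with what the ALB listener will accept through ACM (answer 2's RSA 4096 caveat). The script below is an added example and is not code from the Stack Overflow thread or from AWS. It generates its own throwaway self-signed certificates (constructed test data) so it runs offline, reads the key type and bit length from `openssl x509 -text`, and returns a verdict. The allowlist in `alb_acm_compatible` is an assumption taken from the answers above (RSA 1024/2048 treated as fine, RSA 4096 and anything else flagged); confirm the current list against the AWS knowledge-center page linked in answer 1 before relying on it.

```shell
#!/bin/sh
# Added example, not from the original thread: inspect a certificate's public key
# the way answer 1 suggests and flag the RSA 4096 case answer 2 describes.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Print "<ALG> <BITS>" for the certificate's public key, e.g. "RSA 2048" or "EC 256".
# Works with both the OpenSSL 1.1 ("RSA Public-Key: (2048 bit)") and
# OpenSSL 3 ("Public-Key: (2048 bit)") text layouts.
cert_key_info() {
  openssl x509 -in "$1" -noout -text | awk '
    /Public Key Algorithm:/ {
      alg = $NF
      if (alg ~ /rsaEncryption/) alg = "RSA"
      else if (alg ~ /ecPublicKey/) alg = "EC"
    }
    /Public-Key:/ { match($0, /[0-9]+/); bits = substr($0, RSTART, RLENGTH) }
    END { print alg, bits }
  '
}

# Exit 0 when the key is one the answers treat as usable on an ALB listener via ACM,
# 1 for the RSA 4096 case answer 2 calls out and for anything not on the list.
# ASSUMPTION: this allowlist is derived from the thread's answers, not from AWS docs.
alb_acm_compatible() {
  set -- $(cert_key_info "$1")
  case "${1:-} ${2:-}" in
    "RSA 1024"|"RSA 2048") return 0 ;;
    *) return 1 ;;
  esac
}

# Create a throwaway self-signed certificate (constructed test data) and print its path.
# Usage: make_test_cert <name> <openssl -newkey args...>, e.g. rsa:2048
make_test_cert() {
  name="$1"; shift
  openssl req -x509 -newkey "$@" -nodes -days 1 -subj "/CN=$name.example.test" \
    -keyout "$WORK/$name.key" -out "$WORK/$name.crt" 2>/dev/null
  printf '%s\n' "$WORK/$name.crt"
}

# Report each constructed certificate the way an operator would check a real one:
# swap the generated path for your own .crt to check a DigiCert-issued certificate.
demo() {
  for entry in "rsa2048 rsa:2048" "rsa4096 rsa:4096" "ec256 ec -pkeyopt ec_paramgen_curve:prime256v1"; do
    crt=$(make_test_cert $entry)
    if alb_acm_compatible "$crt"; then verdict="ok for ALB listener via ACM"
    else verdict="NOT accepted by ALB via ACM (upload to IAM instead, per answer 2)"; fi
    printf '%-20s %-10s %s\n' "$(basename "$crt")" "$(cert_key_info "$crt")" "$verdict"
  done
}

demo
```

Run it as `sh alb_cert_check.sh`; to inspect a real certificate, call `cert_key_info /path/to/certificate.crt` and `alb_acm_compatible /path/to/certificate.crt` from the same shell after sourcing the file. The EC case is generated only to show that the parser handles a non-RSA key; the verdict for it follows the thread's statement rather than a verified AWS rule.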
Source: https://stackoverflow.com/questions/55410675/imported-ssl-cert-not-listed-for-alb-listener