Amazon-Ec2
在amazon ec2上安裝godaddy ssl證書
我是設置 ssl 證書和 csr 的新手,我想在 ssl 中使用公共 ip 而不是域名。我使用以下命令和資訊創建了一個 csr 文件
openssl req -new -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.csr Generating a 2048 bit RSA private key .....................+++ ...........................................+++ writing new private key to 'mydomain.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:IN State or Province Name (full name) [Some-State]:Delhi Locality Name (eg, city) []:Delhi Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyComp ITES pvt ltd Organizational Unit Name (eg, section) []:chatapp Common Name (e.g. server FQDN or YOUR name) []:123.123.123.12(Elastic IP) Email Address []:amitdubey@gmail.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
此命令生成兩個文件
1.mydomain.key
2.mydomain.csr
我從 mydomain.csr 複製所有文本並粘貼到 godaddy 證書籤名請求 (CSR) 但它給了我錯誤
Public IP addresses are not allowed.
任何人都可以幫我解決我的問題以及如何解決此錯誤。
您通常無法獲得以 IP 地址作為主題名稱的 SSL 證書。
首先,除非將 IP 塊委託給您(例如從 RIR),否則您沒有獲得頒發此類證書的依據。這意味著除非您在該 IP 塊的 whois 資訊中列出並命名,否則您將不會獲得證書。
其次,即使在這種情況下,並非所有證書頒發機構都會這樣做。
從這個意義上說,您的彈性 IP 有點像子域。它可供您使用,並在您的提供商環境中與您相關聯,但就 ICANN 及其後代而言,它不屬於您。