Amazon-Ec2

在amazon ec2上安裝godaddy ssl證書

  • September 21, 2014

我是設置 ssl 證書和 csr 的新手,我想在 ssl 中使用公共 ip 而不是域名。我使用以下命令和資訊創建了一個 csr 文件

openssl req -new -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.csr

Generating a 2048 bit RSA private key
.....................+++
...........................................+++
writing new private key to 'mydomain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Delhi
Locality Name (eg, city) []:Delhi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyComp ITES pvt ltd
Organizational Unit Name (eg, section) []:chatapp
Common Name (e.g. server FQDN or YOUR name) []:123.123.123.12(Elastic IP)
Email Address []:amitdubey@gmail.com        

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

此命令生成兩個文件

1.mydomain.key

2.mydomain.csr

我從 mydomain.csr 複製所有文本並粘貼到 godaddy 證書籤名請求 (CSR) 但它給了我錯誤

Public IP addresses are not allowed. 

任何人都可以幫我解決我的問題以及如何解決此錯誤。

您通常無法獲得以 IP 地址作為主題名稱的 SSL 證書。

首先,除非將 IP 塊委託給您(例如從 RIR),否則您沒有獲得頒發此類證書的依據。這意味著除非您在該 IP 塊的 whois 資訊中列出並命名,否則您將不會獲得證書。

其次,即使在這種情況下,並非所有證書頒發機構都會這樣做。

從這個意義上說,您的彈性 IP 有點像子域。它可供您使用,並在您的提供商環境中與您相關聯,但就 ICANN 及其後代而言,它不屬於您。

引用自:https://serverfault.com/questions/605986