我通过使用 ACM 证书将 HTTPS 用于 AWS Application Load Balancer 侦听器。
我从 ACM 请求子域的公共证书:test.example.com并在路由 53 中为其创建一个 CNAME:
Name: _xxxxxxxxxxx.test.example.com
Type: CNAME
Value: xxxxxx.xxx.acm-validations.aws.
我可以使用 ALB 的 DNS ( xxxx.us-east-1.elb.amazonaws.com ) 在 POSTMAN 中成功调用 API,但是,当我使用 python 请求或 cURL 调用相同的 API 时,它总是会告诉我SSL 存在一些问题。
卷曲:
代码:
curl -X POST \
https://xxxxx.us-east-1.elb.amazonaws.com/prod/testapi \
-H 'Content-Type: application/json' \
-H 'cache-control: no-cache' \
-d '{
"paras1": "xxxxx"
}'
错误:
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=test.example.com
* start date: Nov 11 00:00:00 2018 GMT
* expire date: Dec 11 12:00:00 2019 GMT
* subjectAltName does not match xxxx.us-east-1.elb.amazonaws.com
* SSL: no alternative certificate subject name matches target host name 'xxxx.us-east-1.elb.amazonaws.com'
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
curl: (51) SSL: no alternative certificate subject name matches target host name 'xxxx.us-east-1.elb.amazonaws.com'
Python 请求:
代码:
import requests
url = "https://xxxxx.us-east-1.elb.amazonaws.com/prod/testapi"
payload = "{\"paras1\": \"xxxxx\"}"
headers = {
'Content-Type': "application/json",
'cache-control': "no-cache"
}
response = requests.request("POST", url, data=payload, headers=headers)
print(response.text)
错误:
HTTPSConnectionPool(host='xxxx.us-east-1.elb.amazonaws.com', port=443):
Max retries exceeded with url: /prod/testapi
(Caused by SSLError(CertificateError("hostname 'xxxx.us-east-1.elb.amazonaws.com' doesn't match 'test.example.com'",),))