- 最新
- 最多得票
- 最多評論
Hello,
Check the following links for more details - https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-mutual-tls.html https://docs.aws.amazon.com/apigateway/latest/developerguide/rest-api-mutual-tls.html
Thanks
Thank you for the link, but i'm afraid that doesn't answer my question
Can we answer why this is needed? and if we are able to use our imported public certificate as the OwnershipVerificationCertificate
Hello,
API Gateway mandates the provision of an "ownership verification certificate" alongside the server certificate. This certificate is exclusively utilized to confirm domain ownership and isn't involved in the TLS handshake process. This certificate must be issued by an AWS-trusted certificate authority such as ACM. Even if a publicly-trusted certificate is employed for the server, API Gateway requires the ownership certificate to validate domain control. It's important to note that the ownership certificate is distinct from the server/client certificates utilized in the TLS handshake and is solely utilized to demonstrate domain ownership to API Gateway.
I hope this one provides more clarity to you
Thanks
Thanks for responding
Just to confirm, when you say "This certificate must be issued by an AWS-trusted certificate authority such as ACM", that i'm able to use an imported (i.e. not issued by ACM) a publicly trusted certificate to ACM for the "ownership verification certificate"? but it can't be the same cert as the one used for TLS?
I've tried doing this, but still getting the following error: "BadRequestException: Invalid ownershipVerificationCertificate. OwnershipVerificationCertificate should be a public ACM certificate."
Is this a problem with the cert i'm trying to import?
Thanks
I'd also be interested to know why the "ownership verification certificate" is only required when mTLS is enabled, i don't understand why mTLS would require the domain be validated
相關內容
AWS 官方已更新 1 年前- AWS 官方已更新 2 年前
- AWS 官方已更新 1 年前