本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
使用 IAM 服务器证书
要启用与您的网站或应用程序的 HTTPS 连接 Amazon,您需要一个 SSL/TLS 服务器证书。您可以使用外部提供商提供的 Amazon Certificate Manager 服务器证书,也可以使用从外部提供商处获得的服务器证书。
我们建议您使用 ACM 来预置、管理和部署服务器证书。借助此功能, ACM 您可以申请证书,将其部署到您的 Amazon 资源中,然后让我们为您 ACM 处理证书续订。提供的证书 ACM 是免费的。有关的更多信息 ACM,请参阅《Amazon Certificate Manager 用户指南》。
获取服务器证书
您可以通过调用 IamClient's getServerCertificate
方法来检索服务器证书,然后将其GetServerCertificateRequest
导入
import software.amazon.awssdk.services.iam.model.GetServerCertificateRequest; import software.amazon.awssdk.services.iam.model.GetServerCertificateResponse; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.iam.IamClient; import software.amazon.awssdk.services.iam.model.IamException;
代码
public static void getCertificate(IamClient iam,String certName ) { try { GetServerCertificateRequest request = GetServerCertificateRequest.builder() .serverCertificateName(certName) .build(); GetServerCertificateResponse response = iam.getServerCertificate(request); System.out.format("Successfully retrieved certificate with body %s", response.serverCertificate().certificateBody()); } catch (IamException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } }
请参阅上的完整示例
列出服务器证书
要列出您的服务器证书,请使用调用 IamClient's listServerCertificates
方法ListServerCertificatesRequest
调用返回ListServerCertificateResponse
对象的serverCertificateMetadataList
方法以获取可用于获取有关每个证书的信息的ServerCertificateMetadata
如果 ListServerCertificateResponse
对象的 isTruncated
方法返回了 true
,调用 ListServerCertificatesResponse
对象的 marker
方法并使用标记创建一个新请求,则结果可能被截断。使用该新请求重新调用 listServerCertificates
以获取下一批结果。
导入
import software.amazon.awssdk.services.iam.model.IamException; import software.amazon.awssdk.services.iam.model.ListServerCertificatesRequest; import software.amazon.awssdk.services.iam.model.ListServerCertificatesResponse; import software.amazon.awssdk.services.iam.model.ServerCertificateMetadata; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.iam.IamClient;
代码
public static void listCertificates(IamClient iam) { try { boolean done = false; String newMarker = null; while(!done) { ListServerCertificatesResponse response; if (newMarker == null) { ListServerCertificatesRequest request = ListServerCertificatesRequest.builder().build(); response = iam.listServerCertificates(request); } else { ListServerCertificatesRequest request = ListServerCertificatesRequest.builder() .marker(newMarker).build(); response = iam.listServerCertificates(request); } for(ServerCertificateMetadata metadata : response.serverCertificateMetadataList()) { System.out.printf("Retrieved server certificate %s", metadata.serverCertificateName()); } if(!response.isTruncated()) { done = true; } else { newMarker = response.marker(); } } } catch (IamException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } }
请参阅上的完整示例
更新服务器证书
您可以通过调用's updateServerCertificate
方法来更新服务器证书 IamClient的名称或路径。它需要一个包含服务器证书当前名称的UpdateServerCertificateRequest
导入
import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.iam.IamClient; import software.amazon.awssdk.services.iam.model.IamException; import software.amazon.awssdk.services.iam.model.UpdateServerCertificateRequest; import software.amazon.awssdk.services.iam.model.UpdateServerCertificateResponse;
代码
public static void updateCertificate(IamClient iam, String curName, String newName) { try { UpdateServerCertificateRequest request = UpdateServerCertificateRequest.builder() .serverCertificateName(curName) .newServerCertificateName(newName) .build(); UpdateServerCertificateResponse response = iam.updateServerCertificate(request); System.out.printf("Successfully updated server certificate to name %s", newName); } catch (IamException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } }
请参阅上的完整示例
删除服务器证书
要删除服务器证书,请使用DeleteServerCertificateRequestdeleteServerCertificate
方法进行调用。
导入
import software.amazon.awssdk.services.iam.model.DeleteServerCertificateRequest; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.iam.IamClient; import software.amazon.awssdk.services.iam.model.IamException;
代码
public static void deleteCert(IamClient iam,String certName ) { try { DeleteServerCertificateRequest request = DeleteServerCertificateRequest.builder() .serverCertificateName(certName) .build(); iam.deleteServerCertificate(request); System.out.println("Successfully deleted server certificate " + certName); } catch (IamException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } }
请参阅上的完整示例
更多信息
-
在《 IAM 用户指南》中使用@@ 服务器证书
-
GetServerCertificate在 IAM API 参考中
-
ListServerCertificates在 IAM API 参考中
-
UpdateServerCertificate在 IAM API 参考中
-
DeleteServerCertificate在 IAM API 参考中