Media CDN SSL使用手册

WangGaoli • 2023年3月5日 16:48 • GCP

Media CDN SSL使用手册

1. 托管证书

创建DNS，验证域名所有权

为wanggaoli.com域名创建名为wanggaoli的dns验证实例

root@GIA2C-1G-20G-1TB ~ # gcloud certificate-manager dns-authorizations create wanggaoli \
    --domain="wanggaoli.com"
Create request issued for: [wanggaoli]
Waiting for operation [projects/mec-test-344202/locations/global/operations/operation-1677828442625-5f5f9e051151e-ba5229e9-6bf0b99b] to complete...done.
Created dnsAuthorization [wanggaoli].

root@GIA2C-1G-20G-1TB ~ # gcloud certificate-manager dns-authorizations describe wanggaoli
createTime: '2023-03-03T07:27:22.769299116Z'
dnsResourceRecord:
  data: 0efbce48-138e-40b3-98a3-4287910f33bf.15.authorize.certificatemanager.goog.
  name: _acme-challenge.wanggaoli.com.
  type: CNAME
domain: wanggaoli.com
name: projects/mec-test-344202/locations/global/dnsAuthorizations/wanggaoli
updateTime: '2023-03-03T07:27:23.364792833Z'

在域名服务商添加cname记录，进行dns授权验证

查询已有认证

root@GIA2C-1G-20G-1TB ~ # gcloud certificate-manager dns-authorizations list
NAME       DOMAIN         DNS_RECORD                      RECORD_TYPE  DNS_VALUE
wanggaoli  wanggaoli.com  _acme-challenge.wanggaoli.com.  CNAME        0efbce48-138e-40b3-98a3-4287910f33bf.15.authorize.certificatemanager.goog.

申请SSL证书

为wanggaoli.com *.wanggaoli.com申请证书，证书名称为wanggaoli0428，使用wanggaoli dns验证主体。

多个域名使用英文逗号隔开。

root@GIA2C-1G-20G-1TB ~ # gcloud certificate-manager certificates create wanggaoli \
    --domains="wanggaoli.com,*.wanggaoli.com" \
    --dns-authorizations="wanggaoli" \
    --scope=EDGE_CACHE
Create request issued for: [wanggaoli]
Waiting for operation [projects/mec-test-344202/locations/global/operations/operation-1677828519319-5f5f9e4e3575a-dd6e7e62-6eef5a08] to complete...done.
Created certificate [wanggaoli].

检查证书信息

root@GIA2C-1G-20G-1TB ~ # gcloud certificate-manager certificates describe wanggaoli
createTime: '2023-03-03T07:28:39.492458192Z'
managed:
  authorizationAttemptInfo:
  - domain: wanggaoli.com
    state: AUTHORIZING
  - domain: '*.wanggaoli.com'
    state: AUTHORIZING
  dnsAuthorizations:
  - projects/328842067835/locations/global/dnsAuthorizations/wanggaoli
  domains:
  - wanggaoli.com
  - '*.wanggaoli.com'
  state: PROVISIONING
name: projects/mec-test-344202/locations/global/certificates/wanggaoli
sanDnsnames:
- wanggaoli.com
- '*.wanggaoli.com'
scope: EDGE_CACHE
updateTime: '2023-03-03T07:28:40.183562022Z'

2. 上传自托管证书

wanggaoli@WangGaoli ~ $ gcloud certificate-manager certificates create ccfuncom20240223 \
     --certificate-file=ccfun.com.pem \
     --private-key-file=ccfun.com.key \
     --scope=EDGE_CACHE

Create request issued for: [ccfuncom]
Waiting for operation [projects/mec-test-344202/locations/global/operations/operation-1677826751392-5f5f97b82ec3f-480ae92e-417606a9] to complete...done.
Created certificate [ccfuncom].

wanggaoli@WangGaoli ~ $ gcloud certificate-manager certificates create gtarcade20231201 \
     --certificate-file=gtarcade.com.pem \
     --private-key-file=gtarcade.com.key \
     --scope=EDGE_CACHE

Create request issued for: [gtarcade20231201]
Waiting for operation [projects/mec-test-344202/locations/global/operations/operation-1677827808210-5f5f9ba80ae92-b6fc809c-867a5eb7] to complete...done.
Created certificate [gtarcade20231201].

3. 将证书应用到Media CDN上

执行导出命令存在ERROR: (gcloud.edge-cache.services.export) NOT_FOUND: Method not found.报错，怀疑Media属于内侧，无法使用gcloud工具，这里通过控制台关联证书。

gcloud edge-cache services export wanggaoli-media \
    --destination=my-service.yaml

name: wanggaoli-media
edgeSslCertificates:
- projects/mec-test-344202/locations/global/certificates/wanggaoli

gcloud edge-cache services import wanggaoli-media \
    --source=my-service.yaml

控制台应用SSL

其他：

删除证书

必须先删除证书，才能删除dns授权验证

root@GIA2C-1G-20G-1TB ~ # gcloud certificate-manager certificates delete wanggaoli0428
You are about to delete certificate 'wanggaoli0428'

Do you want to continue (Y/n)?  Y

Waiting for 'operation-1677828389069-5f5f9dd1fe35a-461097cd-a66841a3' to complete...done.
Deleted certificate [wanggaoli0428].

删除dns授权验证

root@GIA2C-1G-20G-1TB ~ # gcloud certificate-manager dns-authorizations delete wanggaoli
You are about to delete dnsAuthorization [wanggaoli]

Do you want to continue (Y/n)?  Y

Delete request issued for: [wanggaoli]
Waiting for operation [projects/mec-test-344202/locations/global/operations/operation-1677828404492-5f5f9de0b396f-b5cc10ed-b8c756de] to complete...done.
Deleted dnsAuthorization [wanggaoli].

参考文档：https://cloud.google.com/media-cdn/docs/configure-ssl-certificates

版权声明：
作者：WangGaoli
链接：https://wanggaoli.com/3632.html
来源：王高利的个人博客
文章版权归作者所有，未经允许请勿转载。

THE END

cdn gcp

二维码

Cloud CDN对Quic的支持情况

< <上一篇

通过镜像包，为云服务器DD Windows系统

下一篇>>

文章目录

关闭