Problem description
Scenario
I have AWS set up for a UniFi controller, I've been able to access it with https://myserverip:8443, I bypass "This connection is not secured" and use the controller normally
Now, I need to install an SSL certificate to get the hotspot payment system going.
I have a FQDN with GoDaddy so I created a subdomain unifi.mydomain.com, that points to the elastic IP, I log on with https://unifi.mydomain.com:8443
I bought the SSL certificate from GoDaddy, added the subdomain to that certificate.
I log on to my AWS with SSH and generate my CSR with the following command
cd /usr/lib/unifi
sudo java -jar lib/ace.jar new_cert unifi.mydomain.dom "My Company Name" City State CC*
Then I do
cd /var/lib/unifi
more unifi_certificate.csr.pem
Once I get that, I copy and paste it on GoDaddy, download the cert files, go back to AWS, and copy the files with FileZilla to /usr/lib/unifi
Then I run the following command
sudo java -jar lib/ace.jar import_cert unifi_mydomain_com.crt bundlecert.crt
They import correctly; I restart the unifi service and reboot EC2
When I go to any of the above addresses I get the following
This site can’t provide a secure connection ERR_SSL_PROTOCOL_ERROR
I've tried different browsers, incognito mode, vpn, etc, I believe it's just a matter of SSL or my server
Recommended answer
Check your system.properties, which sits in /var/lib/unifi/; open the file with vim or your text editor of choice.
Have a look at your HTTPS options, the important ones are the ciphers and protocols.
The protocols you need are TLSv1 and potentially SSLv2Hello; there should be no other SSL protocols in there.
The Ciphers you ideally want are TLS, so for example TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA
If you are having issues, throw them all in. CAUTION! Only use this in a demo/test environment.
unifi.https.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
Remember once you have edited the system.properties you need to restart the controller.
sudo service unifi restart
Lots of help on the Unifi page
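An added example (not part of the original answer and not UniFi's own tooling): a small Python audit of the HTTPS lines in system.properties that flags legacy protocols, RC4 suites and suites without forward secrecy, so the "throw them all in" list can be trimmed before it leaves a test environment. The sample file content is constructed, and unifi.https.sslEnabledProtocols is the protocol key assumed here, which the page does not show.

```python
import sys

# unifi.https.ciphers is on the page; the protocol key is an assumption of this example.
PROTO_KEY = "unifi.https.sslEnabledProtocols"
CIPHER_KEY = "unifi.https.ciphers"
LEGACY_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
WEAK_MARKERS = ("RC4", "3DES", "_DES_", "NULL", "EXPORT", "MD5", "anon")

# Constructed sample: protocols named in the answer, four suites from its cipher list.
SAMPLE = """\
# constructed system.properties excerpt
unifi.https.sslEnabledProtocols=TLSv1,SSLv2Hello
unifi.https.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
"""

def parse_properties(text):
    """Return key/value pairs, skipping blank lines, # comments and lines without '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def split_list(value):
    """Split a comma-separated property value into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def audit_https(text):
    """Flag legacy protocols, broken ciphers and suites without forward secrecy."""
    props = parse_properties(text)
    protocols = split_list(props.get(PROTO_KEY, ""))
    ciphers = split_list(props.get(CIPHER_KEY, ""))
    return {
        "unset_keys": [k for k in (PROTO_KEY, CIPHER_KEY) if k not in props],
        "legacy_protocols": [p for p in protocols if p in LEGACY_PROTOCOLS],
        "weak_ciphers": [c for c in ciphers if any(m in c for m in WEAK_MARKERS)],
        # TLS 1.3 names have no _WITH_ part and always use ephemeral key exchange.
        "no_forward_secrecy": [c for c in ciphers if "_WITH_" in c and "DHE" not in c],
    }

if __name__ == "__main__":
    # Pass a path such as /var/lib/unifi/system.properties, or no argument for SAMPLE.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for finding, items in audit_https(text).items():
        print(f"{finding}: {', '.join(items) or 'none'}")
```

An empty result for every finding means the file lists only current protocols and ephemeral-key suites; a key reported under unset_keys means the controller is running on its built-in defaults for that setting.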