我在AWS API Gateway中有一个API站点。 SSL证书由ACM管理,它有一个匹配任何子域的通配符(例如:* .mydomain.net)。在重命名子域之前,我可以访问我的API。现在,在Chrome中点击我的API会产生ERR_SSL_VERSION_OR_CIPHER_MISMATCH。
以下是OpenSSL中发生的事情:
BASH:portal-api$ openssl s_client -connect $DOMAIN:443 -servername $DOMAIN
CONNECTED(00000006)
140735636259784:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.50.2/libressl/ssl/s23_clnt.c:541:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 363 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---
证书使用以下内容:
Public key info: RSA 2048-bit
Signature algorithm: SHA256WITHRSA
只是一个普通的ACM证书。想法?