Apache配置AWS API網關證書

Question

我已經創建了AWS API網關，並將它指向VPS。我希望能夠爲我的VPS啓用客戶端SSL身份驗證。我遵循AWS演練here。我在API網關控制檯中生成了PEM編碼的證書，並將其複製到我的Apache Web服務器。看起來，證書和/或虛擬主機配置在Apache SSL模塊中導致致命錯誤。

錯誤日誌：

[Tue Nov 10 10:53:57.140815 2015] [ssl:info] [pid 7283] AH01914: Configuring server example.com:443 for SSL protocol 
[Tue Nov 10 10:53:57.140998 2015] [ssl:trace1] [pid 7283] ssl_engine_init.c(724): Configuring permitted SSL ciphers [!aNULL:!eNULL:!EXP:HIGH:!aNULL] 
[Tue Nov 10 10:53:57.141165 2015] [ssl:debug] [pid 7283] ssl_engine_init.c(843): AH01904: Configuring server certificate chain (1 CA certificate) 
[Tue Nov 10 10:53:57.141175 2015] [ssl:debug] [pid 7283] ssl_engine_init.c(390): AH01893: Configuring TLS extension handling 
[Tue Nov 10 10:53:57.141204 2015] [ssl:emerg] [pid 7283] AH02572: Failed to configure at least one certificate and key for example.com:443 
[Tue Nov 10 10:53:57.141226 2015] [ssl:emerg] [pid 7283] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned 
[Tue Nov 10 10:53:57.141251 2015] [ssl:emerg] [pid 7283] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information 
AH00016: Configuration Failed 

Apache的虛擬主機配置：

<VirtualHost *:443> 
    ServerName example.com 

    ServerAdmin webmaster@localhost 
    DocumentRoot /var/www/example 

    DirectoryIndex index.html 

    SSLEngine on 
    SSLCertificateChainFile ssl/ca.crt 
    SSLVerifyDepth 1 

    LogLevel info ssl:warn debug trace1 

    ErrorLog ${APACHE_LOG_DIR}/error.log 
    CustomLog ${APACHE_LOG_DIR}/access.log combined 
</VirtualHost> 

Answer 1

進一步的研究已經證明@邁克爾 - sqlbot是正確的在這兩方面。在AWS API網關將與第三方服務器端點進行通信之前，需要來自證書頒發機構的證書。