/// <summary> /// <para> Sets the certificate that terminates the specified listener's SSL connections. The specified certificate replaces any prior /// certificate that was used on the same LoadBalancer and port. </para> /// </summary> /// /// <param name="setLoadBalancerListenerSSLCertificateRequest">Container for the necessary parameters to execute the /// SetLoadBalancerListenerSSLCertificate service method on AmazonElasticLoadBalancing.</param> /// /// <returns>The response from the SetLoadBalancerListenerSSLCertificate service method, as returned by AmazonElasticLoadBalancing.</returns> /// /// <exception cref="InvalidConfigurationRequestException"/> /// <exception cref="CertificateNotFoundException"/> /// <exception cref="LoadBalancerNotFoundException"/> /// <exception cref="ListenerNotFoundException"/> public SetLoadBalancerListenerSSLCertificateResponse SetLoadBalancerListenerSSLCertificate(SetLoadBalancerListenerSSLCertificateRequest setLoadBalancerListenerSSLCertificateRequest) { IRequest <SetLoadBalancerListenerSSLCertificateRequest> request = new SetLoadBalancerListenerSSLCertificateRequestMarshaller().Marshall(setLoadBalancerListenerSSLCertificateRequest); SetLoadBalancerListenerSSLCertificateResponse response = Invoke <SetLoadBalancerListenerSSLCertificateRequest, SetLoadBalancerListenerSSLCertificateResponse> (request, this.signer, SetLoadBalancerListenerSSLCertificateResponseUnmarshaller.GetInstance()); return(response); }
public void Install(PrivateKey pk, Crt crt, IEnumerable <PKI.Crt> chain, IPkiTool cp) { AssertNotDisposed(); if (CertInstaller != null) { CertInstaller.Install(pk, crt, chain, cp); ExistingServerCertificateName = CertInstaller.ServerCertificateName; // Now that the cert has been installed in IAM, we need to // poll to see when it becomes effective because there could // be a slight delay till it's available for reference using (var client = new AmazonIdentityManagementServiceClient( CommonParams.ResolveCredentials(), CommonParams.RegionEndpoint)) { var iamRequ = new GetServerCertificateRequest { ServerCertificateName = ExistingServerCertificateName, }; var triesLeft = 10; string arn = null; while (triesLeft-- > 0) { try { var iamResp = client.GetServerCertificate(iamRequ); arn = iamResp?.ServerCertificate?.ServerCertificateMetadata?.Arn; if (!string.IsNullOrEmpty(arn)) { break; } } catch (Exception) { // TODO: integrate with logging to log some warnings } System.Threading.Thread.Sleep(10 * 1000); } if (string.IsNullOrEmpty(arn)) { throw new InvalidOperationException("unable to resolve uploaded certificate"); } } } string certArn; using (var client = new AmazonIdentityManagementServiceClient( CommonParams.ResolveCredentials(), CommonParams.RegionEndpoint)) { var iamRequ = new GetServerCertificateRequest { ServerCertificateName = ExistingServerCertificateName, }; var iamResp = client.GetServerCertificate(iamRequ); certArn = iamResp?.ServerCertificate?.ServerCertificateMetadata?.Arn; } if (string.IsNullOrEmpty(certArn)) { throw new InvalidOperationException("unable to resolve server certificate against IAM store"); } using (var client = new AmazonElasticLoadBalancingClient( CommonParams.ResolveCredentials(), CommonParams.RegionEndpoint)) { // We've found through experience/experimentation that even if the // cert is successfully installed and retrievable up above, it can // still fail here temporarily till the ELB reference can resolve it int triesLeft = 10; Exception lastEx = null; while (triesLeft-- > 0) { if (!string.IsNullOrEmpty(LoadBalancerProtocol)) { var iamRequ = new CreateLoadBalancerListenersRequest { LoadBalancerName = this.LoadBalancerName, Listeners = new List <Listener> { new Listener { LoadBalancerPort = this.LoadBalancerPort, Protocol = this.LoadBalancerProtocol, InstancePort = this.InstancePort, InstanceProtocol = this.InstanceProtocol, SSLCertificateId = certArn, } } }; try { var iamResp = client.CreateLoadBalancerListeners(iamRequ); // TODO: any checks we should do? // Break out of the outer retry loop lastEx = null; break; } catch (Exception ex) { // TODO: integrate with logging to log some warnings lastEx = ex; } } else { var iamRequ = new SetLoadBalancerListenerSSLCertificateRequest { LoadBalancerName = this.LoadBalancerName, LoadBalancerPort = this.LoadBalancerPort, SSLCertificateId = certArn, }; try { var iamResp = client.SetLoadBalancerListenerSSLCertificate(iamRequ); // TODO: any checks we should do? // Break out of the outer retry loop lastEx = null; break; } catch (Exception ex) { // TODO: integrate with logging to log some warnings lastEx = ex; } } System.Threading.Thread.Sleep(10 * 1000); } if (lastEx != null) { throw new InvalidOperationException( "valid to create/update ELB listener with certificate reference", lastEx); } } }