Reputation: 45
Amazon S3 Bucket naming convention causes conflict with certificate
I renamed an Amazon S3 Bucket from: "multi-word-name"
to what Amazon suggests as being the best naming convention: "multi.word.name"
The problem is that this causes a problem with the SSL certificate: "You attempted to reach multi.word.name.s3.amazonaws.com, but instead you actually reached a server identifying itself as *.s3.amazonaws.com ..."
Any ideas?
Thanks
Upvotes: 3
Views: 2140
Answers (1)
Reputation: 64761
There are two potential issues involved with bucket naming in Amazon S3.
DNS compliant bucket naming and SSL verification in general
First and foremost, there is a huge and severely under documented caveat in place still regarding the suggested DNS compliant bucket name convention, see Virtual Hosting of Buckets:
When using virtual hosted-style buckets with SSL, the SSL wild card certificate only matches buckets that do not contain periods. To work around this, use HTTP or write your own certificate verification logic. [emphasis mine]
- So from this perspective your desired approach simply won't work - this problem is explored in more detail in Kerry's answer to Amazon S3 - HTTPS/SSL - Is it possible?, which features a dedicated answer regarding this problem from AWS Support as well.
DNS compliant bucket naming and SSL verification within the AWS SDK
In case you are asking from a context/scope around the AWS SDK for Java, you might want to try again with the new AWS SDK for Java 1.4.0, which features related Changes to S3 host name SSL verification:
The Amazon S3 client is now less strict when validating host names, when using DNS-style bucket addressing (the default). Now any domain ending in s3.amazonaws.com will bypass the strict SSL checking requirements. This change fixes issues experienced by customers in non-US regions using buckets with periods in the name. [emphasis mine]
Please note that this change has been released just yesterday and I haven't explored either its background or its relation to the aforementioned generic restriction yet, but it might help you on your way.
Good luck!
Upvotes: 3
Related Questions
- SSL Certificate Issue with bucket name containing dots ('.') while trying to use Virtual-Hosted url instead of Path Style for AWS S3 Bucket
- How to get ssl certificate working with custom domain using aws s3 bucket?
- Amazon S3 bucket name uniqueness and domain name
- How to add SSL certificate to amazon s3 bucket?
- amazon s3 name Key Name misunderstaning
- How to match S3 bucket name suffix against usename prefix
- S3 upload on https with dots in bucket name
- Django AWS S3 Invalid certificate when using bucket name "."
- Amazon S3 bucket naming convention
- https security exception for amazon s3 bucket