Chris

Reputation: 14198

aws route53 CNAME to external site with SSL

I want to point my domain to an external site with SSL. mydomain.com CNAME otherdomain.com

However I get a certificate error that says: ERR_CERT_COMMON_NAME_INVALID

This is probably because the certificate for otherdomain.com only has an entry for *.otherdomain.com

Is there a way to make this certificate work through the CNAME redirect? Or do I need to use a separate certificate for mydomain.com?

... and how can I add that certificate with AWS? I don't see any options for that in route53.

best regards, Chris

Upvotes: 3

Views: 7097

Answers (2)

Karen B

Reputation: 2763

The common name (the server name) that an SSL certificate has must match the hostname in the URL. The only way to make that work is to install an SSL certificate for "mydomain.com" on the "otherdomain.com" web servers. You cannot do that through DNS or any other means.

It sounds like you're trying to create a CNAME in your domain for an HTTPS server you don't control. That just won't do what you want it to do, for very good security reasons.

Upvotes: 7

Steffen Ullrich

Reputation: 123270

> Is there a way to make this certificate work through the CNAME redirect?

No. The certificate must contain the hostname as seen in the URL. It does not matter if this is just an alias for another hostname.

> Or do I need to use a separate certificate for mydomain.com

Either you need a separate certificate or you need to have a certificate which contains all the names you need in one certificate.

> ... and how can I add that certificate with AWS? I don't see any options for that in route53.

As far as I understand, Route53 only cares about DNS, and certificate handling has nothing to do with DNS. And while I'm not familiar with AWS, this documentation suggests that you can use third-party certificates with AWS.

Upvotes: 4
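
The check both answers describe, as an added example that is not part of the original posts: a simplified RFC 6125-style matcher showing that the client follows the CNAME to find the server but still compares the certificate against the hostname in the URL. The function names, the DNS map and the certificate name lists are constructed for illustration.

```python
# Added example: simplified RFC 6125-style hostname check. All data is constructed.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """True if one certificate DNS name (possibly a wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # "*" stands for exactly one label, never zero or several
    if p[0] == "*":
        # Simplification: accept "*" only as the whole left-most label and
        # require at least two labels after it (rejects "*.com").
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_valid_for(url_host, cert_dns_names):
    """Name from the URL against the names listed in the certificate."""
    return any(san_matches(n, url_host) for n in cert_dns_names)

def client_check(url_host, cnames, cert_names_by_server):
    """Follow CNAMEs to find the server, then verify against the ORIGINAL name."""
    server, seen = url_host, set()
    while server in cnames and server not in seen:  # guard against CNAME loops
        seen.add(server)
        server = cnames[server]
    return server, cert_valid_for(url_host, cert_names_by_server[server])

# Constructed sample data mirroring the question.
CNAMES = {"mydomain.com": "otherdomain.com"}
WILDCARD_ONLY = {"otherdomain.com": ["*.otherdomain.com"]}
MULTI_NAME = {"otherdomain.com": ["*.otherdomain.com", "otherdomain.com", "mydomain.com"]}

if __name__ == "__main__":
    print(client_check("mydomain.com", CNAMES, WILDCARD_ONLY))
    print(client_check("mydomain.com", CNAMES, MULTI_NAME))
    print(cert_valid_for("www.otherdomain.com", WILDCARD_ONLY["otherdomain.com"]))
    print(cert_valid_for("otherdomain.com", WILDCARD_ONLY["otherdomain.com"]))
```
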