Https configuration in AWS Elastic Beanstalk

Question

I have a node.js app in elastic beanstalk and I want it to be consumed through HTTPS. But for some reason it doesn't connect securely. Steps I followed:

1. Created a hosted zone In Route53 with my own domain.
2. Received email for domain verification, accepted and and created hosted zone.
3. Enabled port 443 for https in EB environment configuration.
4. Added new inbound rule for https with port 443 in security group.

Then when I hit the url (https://myurl.us-west-1.elasticbeanstalk.com/) in browser it shows the page but not securely. I have attached the screenshot.

Answer 1

Just consolidating the findings in hope that it will be useful for someone else as well.

I'm greatly simplifying here, but two key checks browser performs when validating a certificate are certificate chain and site name. (At least these two seem like the two most common sources of issues with certificates.)

With certificate chain browser checks that certificate was signed by a well known (and trusted) authority. So, first of all you need a proper certificate issued by a well known certificate issuing authority. The easiest is probably to get one from AWS Certificate Manager. But you can obtain one from a certificate authority instead. See here: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https.html

To be fair, you actually can use a self signed certificate and can even suppress the warning by adding your signing certificate to the list of trusted certificates in your browser. But that isn't really an option for a public web site as it will require every visitor of your website to manually add your certificate as trusted.

With the name check a browser simply verifies that site name you typed in the url bar matches to one of those listed on the certificate. To satisfy this check you have to configure www.mydomain.com (or whatever your domain is) as an alias to you ELB in Route53. Then point your browser to www.mydomain.com (not to elasticbeanstalk url).