Reputation: 161
I'm a bit confused as to how Elastic Load Balancers work with certificates in AWS. The domain name for my ELB is my-service1234568698.eu-west-2.elb.amazonaws.com and that's what I used to call my REST endpoints (I have my ELB palming requests off to docker instances with Java microservices).
I have my own domain and I have created an Amazon certificate for it in ACM, but that's for www.my-domain-here.com, not the Amazon ELB one. When I try to call the ELB over HTTPS I get a CORS error because the certificate name doesn't match the AWS domain name. Calling it with curl and specifying the origin host, I get:
curl: (51) SSL: no alternative certificate subject name matches target host name 'my-service1234568698.eu-west-2.elb.amazonaws.com'
Any idea on how this is supposed to work?
Upvotes: 5
Views: 4099
Reputation: 161
I see, I get it now. So www.my-domain.com is hosted by another provider (i.e. not on AWS) and it's where my SPA is hosted (using React). My idea was that I'd make calls to my AWS back end from there. If I want to use HTTPS on an Elastic Load Balancer, does that mean I need two domains then? One for my website and one so I can use a certificate within AWS?
Upvotes: 0
Reputation: 8603
What you are missing is that you should point www.my-domain.com to my-service1234568698.eu-west-2.elb.amazonaws.com in your domain management system (Route 53 if you are using AWS). Then you should curl using your own domain: curl www.my-domain.com
If you are using Route 53, create an A record for www.my-domain.com pointing to my-service1234568698.eu-west-2.elb.amazonaws.com and set Alias to Yes.
Upvotes: 4
Reputation: 68725
The certificate needs to be attached to your SSL termination endpoint in your AWS environment. Load balancers are generally used as the SSL termination endpoint, which means they will do all the SSL handshake and secure connection setup. To do that your load balancer needs to know the cert, chain and the private key. You can do all that using the AWS console.
Registering a domain name and creating a certificate do not secure your domain, as you still need to apply the certificate to your domain origin or a public endpoint in your AWS environment. Not sure where you have applied that? If the certificate is only requested through ACM and not attached anywhere, then your load balancer can be a valid choice depending on your whole setup.
EDIT: As per the comments, you also need to create a CNAME record in Route 53 to point your own domain to your load balancer, so that you don't need to hit the cryptic load balancer domain name and can instead use your own registered domain.
Upvotes: 2
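The two answers above describe one procedure: attach the ACM certificate to the HTTPS listener on the load balancer, then point your own hostname at the load balancer with a Route 53 alias (or CNAME) record and call that hostname instead of the raw ELB name. The script below is an added example, not code from the question or either answer. It shows the two halves a practitioner needs to see: the subject-alternative-name check that curl applies (which is why the ELB hostname fails against a certificate issued for www.my-domain.com, and why a browser surfaces that failure as a CORS error, since the TLS handshake never completes and no response headers arrive), and the Route 53 change batch for the alias A record. All hostnames, the SAN list and the hosted zone ID are constructed placeholders; the ELB's own hosted zone ID is an assumption you must look up (aws elbv2 describe-load-balancers reports it as CanonicalHostedZoneId).

```python
"""Added example: why curl rejects the raw ELB name and how the Route 53
alias record fixes it. Not from the original post; hostnames, SANs and
zone IDs are constructed placeholders."""
import json


def _name_matches(pattern, hostname):
    """Match one SAN dNSName against a hostname the way TLS clients do
    (RFC 6125 rules): case-insensitive, exact match, or a '*' that covers
    exactly one leftmost label. '*.example.com' matches 'a.example.com'
    but not 'example.com' and not 'a.b.example.com'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def hostname_matches_cert(hostname, san_dns_names):
    """True if any SAN entry in the certificate covers the target hostname.
    This is the check behind curl's error 51 'no alternative certificate
    subject name matches target host name'."""
    return any(_name_matches(name, hostname) for name in san_dns_names)


# Constructed values mirroring the question: the ELB's generated DNS name,
# the hostname the ACM certificate was issued for, and that cert's SANs.
ELB_HOSTNAME = "my-service1234568698.eu-west-2.elb.amazonaws.com"
CUSTOM_HOSTNAME = "www.my-domain.com"
ACM_CERT_SANS = ["www.my-domain.com", "my-domain.com"]


def route53_alias_change_batch(record_name, elb_dns_name, elb_hosted_zone_id):
    """Change batch for
        aws route53 change-resource-record-sets \
            --hosted-zone-id <your zone> --change-batch file://change.json
    An alias A record lets Route 53 resolve the load balancer's address
    itself, so it also works at the zone apex where a CNAME is not allowed.
    elb_hosted_zone_id is the load balancer's own hosted zone ID (from
    `aws elbv2 describe-load-balancers`, field CanonicalHostedZoneId), not
    the ID of your domain's hosted zone."""
    return {
        "Comment": "Alias %s to %s" % (record_name, elb_dns_name),
        "Changes": [
            {
                "Action": "UPSERT",
                "ResourceRecordSet": {
                    "Name": record_name,
                    "Type": "A",
                    "AliasTarget": {
                        "HostedZoneId": elb_hosted_zone_id,
                        "DNSName": elb_dns_name,
                        "EvaluateTargetHealth": False,
                    },
                },
            }
        ],
    }


def explain(hostname, san_dns_names):
    """Human-readable verdict for a target hostname against the cert SANs."""
    ok = hostname_matches_cert(hostname, san_dns_names)
    return "%s: %s" % (hostname, "matches cert" if ok else "no SAN matches (curl error 51)")


if __name__ == "__main__":
    print(explain(ELB_HOSTNAME, ACM_CERT_SANS))
    print(explain(CUSTOM_HOSTNAME, ACM_CERT_SANS))
    # Placeholder ELB hosted zone ID; replace with the real CanonicalHostedZoneId.
    batch = route53_alias_change_batch(CUSTOM_HOSTNAME, ELB_HOSTNAME, "ZPLACEHOLDER0000")
    with open("change.json", "w") as fh:
        json.dump(batch, fh, indent=2)
    print("wrote change.json")
```

Once the record has propagated, confirm the presented certificate from the outside with `openssl s_client -connect www.my-domain.com:443 -servername www.my-domain.com`, and check that the SAN list includes the name you call; the HTTPS listener on the load balancer must have the ACM certificate attached for that to be the case. Using a Python script to write change.json rather than editing it by hand keeps the alias structure correct; the SAN matcher is here only to show the rule, and a real client should rely on its TLS library's hostname verification rather than reimplementing it.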