Reputation: 453
I have an A record with my subdomain hello.example.com.
It points to an external IP address.
The web server running behind that IP address returns an SSL certificate. But the browser does not trust it.
Also, I created a certificate in ACM with the subdomain and the status was successful but it is not in use and ineligible.
Upvotes: 0
Views: 287
Reputation: 12075
recapitulation as an answer
server runs behind that IP address returns an SSL certificate.. I created a certificate in ACM with the subdomain
ACM is used only with AWS managed services (CloudFront, API Gateway, Elastic Load Balancer, ...). So you may put the server in a private subnet behind a load balancer.
You cannot do that for a 3rd-party server. A DNS A record is just a pointer to an IP address. It is the responsibility of the server to return a valid certificate.
I am trying to make a secure connection between a 3rd-party web server that I don't have any control over and my subdomain via an A record.
The server SSL certificates are intended to make sure the client communicates with the right server. The server needs to prove its domain name with the certificate when establishing the SSL connection.
Imagine you create your own DNS record pointing to any 3rd-party site, e.g. the Amazon site; you cannot expect it to work.
Edit: it may work if the server is using a wildcard certificate. Example: the server could use a certificate CN=*.example.com, then a subdomain mysite.example.com would be trusted as well.
Upvotes: 1
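Added example, not part of the original answer: a simplified version of the hostname check a TLS client runs against the DNS names in the server's certificate, showing why an A record alone does not make a third-party certificate valid for your subdomain and where the wildcard case stops applying. The certificate name lists and the `thirdparty.example` names are constructed for illustration.

```python
# Added example: simplified RFC 6125-style hostname matching. The client
# compares the name in the URL with the names in the certificate; the IP
# address the A record points at plays no part in this check.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """Return True if one certificate dNSName entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard accepted only as the whole left-most label, and only with
        # at least two further labels (so "*.com" is rejected).
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Simplification: partial wildcards such as "f*.example.com" are rejected.
    return "*" not in pattern and p == h

def cert_covers(san_dns_names, hostname):
    """True if any dNSName in the certificate covers hostname."""
    return any(name_matches(n, hostname) for n in san_dns_names)

# Constructed certificate name lists (assumptions, not from a real server).
THIRD_PARTY_CERT = ["www.thirdparty.example", "thirdparty.example"]
WILDCARD_CERT = ["*.example.com"]

if __name__ == "__main__":
    cases = [
        (THIRD_PARTY_CERT, "hello.example.com"),  # A record to someone else's server
        (WILDCARD_CERT, "mysite.example.com"),    # the wildcard case from the edit
        (WILDCARD_CERT, "a.b.example.com"),       # two labels deep: not covered
        (WILDCARD_CERT, "example.com"),           # apex: not covered
    ]
    for names, host in cases:
        verdict = "trusted" if cert_covers(names, host) else "name mismatch"
        print(f"{host:20} vs {names}: {verdict}")
```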