Avoiding SSL certificate errors with Amazon S3 subdomain


Rename to static-example-com.s3.amazonaws.com - this would work with the out of the box wildcard cert they supply. Take a look at what AWS recommends here.

Also, I'd read through the answer here. It looks like others have had the same issue you are having now.


Author: Tim

Updated on September 18, 2022

Comments

  • Tim
    Tim over 1 year

    I have an Amazon S3 bucket set up for hosting static image files. I have set up subdomain redirection so that "static.example.com" points to my S3 bucket. The bucket is named "static.example.com" with an appropriate CNAME record.

    http://static.example.com/someimage.jpg does load from the S3 bucket.

    The problem arises when I enable SSL for the website. When I load https://www.example.com I get errors because I'm loading insecure content from a secure page as expected.

    After changing image sources to load https://static.example.com/someimage.jpg, images do not load because the browser blocks them because the certificate doesn't match.

    Amazon's certificate is good for *.s3.amazonaws.com, which would include "somebucket.s3.amazonaws.com" but does not match "static.example.com.s3.amazonaws.com" as I need it to.

    So the question is, how do I implement SSL as recommended when using a custom subdomain?

  • Michael - sqlbot
    Michael - sqlbot over 6 years
    Although renaming the bucket (not actually possible -- you actually have to create a new bucket with the new name) will allow you to use https://example-bucket.s3.amazonaws.com, there's also another factor your advice will break -- if you point a domain name directly at a bucket, the bucket name must exactly match the bucket name. This precludes custom domain names for buckets if you want HTTPS. To do that does require CloudFront, as mentioned in the comments of the answer you linked... and if you use CloudFront, the bucket name no longer needs to match the custom domain name.
  • Tim
    Tim over 6 years
    Michael is correct. If you use a custom subdomain, the bucket name must be the FQDN with the subdomain. A single name bucket is now allowed. (Though that does resolve the SSL error.)
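
The certificate mismatch described in the question, shown as an added example that is not part of the original thread: a `*` in a certificate name stands for exactly one DNS label (the RFC 6125 rule), so a bucket name containing dots falls outside `*.s3.amazonaws.com`. The function names are hypothetical, and the matcher is simplified to whole-label wildcards only.

```python
# Added example: single-label wildcard matching for certificate names.
S3_CERT_NAME = "*.s3.amazonaws.com"  # certificate name quoted in the question


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if hostname is covered by a certificate name.

    A '*' is honoured only as the entire left-most label and stands for
    exactly one DNS label, so it never spans a dot.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Wildcard consumes one non-empty label; the rest must match exactly.
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def s3_https_host(bucket: str) -> str:
    """Virtual-hosted-style endpoint for a bucket, as used on this page."""
    return f"{bucket}.s3.amazonaws.com"


def covered_by_s3_cert(host: str) -> bool:
    """Check a hostname against the S3 wildcard certificate name."""
    return wildcard_matches(S3_CERT_NAME, host)


if __name__ == "__main__":
    # Hostnames taken from the question and the answer.
    for host in (
        s3_https_host("somebucket"),
        s3_https_host("static.example.com"),
        s3_https_host("static-example-com"),
        "static.example.com",  # name the browser sees when the CNAME is used
    ):
        verdict = "match" if covered_by_s3_cert(host) else "MISMATCH"
        print(f"{host:45} {verdict}")
```

The last entry shows why the CNAME alone cannot work over HTTPS: the browser validates the name in the URL, not the CNAME target.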