How browser aws load balancer says connection is not private


#1

Hi, I was able to use AWS’ canned SSL cert on an AWS load balancer that listens for incoming HTTPS traffic on 443 and returns HTTP on 80 (I was not able to return HTTPS over 443; their documentation refers to nonexistent buttons).

When I go to my site, it loads fine and shows the green HTTPS security tag by the URL.

However, when I go to my load balancer’s address, which looks like

https://load-balancer-xxxxxx.us-east-1.elb.amazonaws.com/index.html

I see a webpage that says

Your connection is not private

Attackers might be trying to steal your information from load-balancer-xxxxxx.us-east-1.elb.amazonaws.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID

I am wondering if this means my SSL and HTTPS communication over is not safe? Or what this error really means in terms of what I should be concerned about. Is the error due to the fact that the certified URL for my site does not contain the domain *.amazonaws.com?

If so, should I consider making my SSL certificate for both my domain.com and *.amazonaws.com?
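
Added example (not part of the original post and not AWS or browser code): a simplified sketch of the hostname-versus-certificate name check behind NET::ERR_CERT_COMMON_NAME_INVALID, run against the load balancer address from the post. `example.com` is a placeholder for the site's domain, the SAN list is constructed, and the function names are hypothetical.

```python
# Added example: simplified RFC 6125-style hostname check on constructed data.

def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate dNSName entry against a requested hostname.

    A wildcard is honoured only as the entire left-most label and covers
    exactly one label, which is how browsers treat it.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_host(host: str, san_dns_names: list[str]) -> str:
    """Return the name-check verdict for this host and certificate."""
    if any(name_matches(p, host) for p in san_dns_names):
        return "OK"
    return "NET::ERR_CERT_COMMON_NAME_INVALID"


# Constructed sample: SAN entries of a certificate issued for the site's own
# domain. "example.com" stands in for the poster's domain (assumption).
SITE_CERT_SANS = ["example.com", "*.example.com"]

# The load balancer's own DNS name, as given in the post.
ELB_HOST = "load-balancer-xxxxxx.us-east-1.elb.amazonaws.com"

if __name__ == "__main__":
    for host in ("example.com", "www.example.com", "a.b.example.com", ELB_HOST):
        print(f"{host:55} {check_host(host, SITE_CERT_SANS)}")
    # A wildcard spans one label only, so this entry would not cover the
    # five-label load balancer name.
    print("*.amazonaws.com covers ELB name:",
          name_matches("*.amazonaws.com", ELB_HOST))
```

The same certificate passes for the site's own name and fails for the load balancer's DNS name because only the requested hostname changed.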


#2

I’m not familiar with a “canned SSL cert,” but it sounds like it’s self-signed. That’s all under the control of Amazon.

Try https://www.ssllabs.com/ssltest/ and see what the certificate looks like. It could be similar to how the Cloudflare Origin certificate works, in that internally, it’s an accepted certificate, but not publicly certified.

A Cloudflare Origin CA Certificate is only trusted by Cloudflare and therefore should only be used by origin servers that are actively connected to Cloudflare. If at any point you pause or disable Cloudflare, your Origin CA certificate will throw an untrusted certificate error.


#3

Web-facing AWS load balancer? If so: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-internet-facing-load-balancers.html

https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-balancer.html

If you create a secure listener, you must deploy an SSL server certificate on your load balancer. The load balancer uses the certificate to terminate and then decrypt requests before sending them to the instances. If you don’t have an SSL certificate, you can create one. For more information, see SSL/TLS Certificates for Classic Load Balancers.

Also: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/using-domain-names-with-elb.html

