I have configured SSl certificate on AWS EC2 server by following Step-by-Step procedure to generate a CSR and install an SSL Certificate on a Tomcat web server. And I purchased this SSl certificate from Comodo. But after all installations setup, am not redirecting to my server when I add HTTPS to it.
Please help me out on this issue...
Thank you
If you want to force a redirect from http to https you need this
<Connector port="xx" protocol="HTTP/1.1"
redirectPort="443"/>
Related
I am using AWS load balancer to listen to dev.example.com and api.dev.example.com. I have added amazon managed certificates in the listener for both the subdomains. I can connect to dev.example.com successfully, but for api.dev.example.com I am getting an SSL error. I am using AWS default security policy(ELBSecurityPolicy-2016-08). I did sslscan for api.dev subdomain and got the following error
TLS Fallback SCSV:
Connection failed - unable to determine TLS Fallback SCSV support
TLS renegotiation:
Session renegotiation not supported
TLS Compression:
OpenSSL version does not support compression
Rebuild with zlib1g-dev package for zlib support
Heartbleed:
Supported Server Cipher(s):
Unable to parse certificate
Unable to parse certificate
Unable to parse certificate
Unable to parse certificate
Certificate information cannot be retrieved.
Why is sslscan failing for api.dev subdomain while it is successful for dev subdomain? How can I resolve this?
Second level subdomains have to be listed in the SSL certificate. If you have a *.example.com wildcard certificate the wildcard is only valid for one level. You would also need to add wildcards for other levels, like: *.dev.example.com.
This is not a limitation of AWS, it is a limitation of SSL certificates.
I'm developing a django web app which runs on a gunicorn-nginx local server.
I've followed this digitalocean guide to setup the web app but I don't understand how to create a ssl certificate and use it without having a domain name.
I've found a lot of guides but none of them specify how to enable HTTPS without a domain and using a local IP.
How can I make this happen?
One way would be to create a self-signed certificate using openssl (How to generate a self-signed SSL certificate using OpenSSL?). But these certificates will not have the security layer provide by CA certificate providers.
Once you have a certificate, then you can run the gunicorn server in HTTPS mode by providing the certificate and the key (Running gunicorn on https?)
I have looked after so many webpages and tutorials but every source is different from each other and I don't really know how to start and where to search. My scenario: I have launched a javascript webapp on a Tomcat which I installed on an AWS EC2 instance like it is done in this video: https://www.youtube.com/watch?v=_d-c9uGcUrU
Now I want to secure this webapp via HTTPS. So what I've done yet? I added port 443 to my security group and added 0.0.0.0/0 and ::/0 to the sources. Furthermore I edited the server.xml file in the Apache Tomcat conf directory, made the tomcat accessible under port 80 instead of 8080 and added a redirect to port 443:
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
But when I enter the URL https://ec2-[IPv4-adress].eu-central-1.compute.amazonaws.com in my browser I get a connection refused error. What else I should do to get this going? Do I need an extra SSL certificate for my AWS URL? And if yes is the AWS certificate manager the right way? It seems like I can enter every domain in the world in the certificate formular. That confuses me. I just want the ec2-[...].eu-central-1.amazonaws.com/ URL to use HTTPS so what should I enter there?
I am trying to use an amazon SSL certificate for my app. Currently, I have dockerized application hosting on the AWS server with envoy front-proxy. I am using lets-encrypt SSL certificates for a trusted domain certificate. Now I want to switch it with amazon's SSL certificates.
I am exploring this but I didn't get any clear idea. This blog show how to enable traffic encryption between services in AWS App Mesh using AWS Certificate Manager. but they have not mentioned how to do it with enovy proxy.
For envoy, we have to provide cert and key files. But as per this question, we are not able to download these files from amazon. Is it possible to use the Amazon certificate with envoy front-proxy? If yes then can you please give me the idea/example of how to do it?
Thanks in advance..
Only AWS Services can use AWS SSL Certificates. If you want to use an AWS SSL Certificate for TLS/HTTP traffic you would use an Application Load Balancer to handle the certificate and send it to your Envoy proxy hosted on an EC2 box. Ideally you would keep the network traffic encrypted which would require you to use a LetsEncrypt certificate between the Application Load Balancer and EC2.
I am trying to host my frontend on AWS using cloudfront and backend on a EC2 behind a classic loadbalancer. I have imported my SSL certificate in ACM. Using ACM the certifcate has been installed on Cloudfront and classic Loadbalancer.
Cloudfront configuration:
Alternate Domain Names (CNAMEs) = mydomain.com
SSL Certificate = mydomain.com (xxx-yyy-zzz............)
Classic loadbalancer Configuration:
The load balancer is hosted on api.mydomain.com and SSL certificate installed using ACM.
Security group inbound rules configuration:
EC2 is running a Nodejs server listening on port 80. I haven't installed SSL certificate on EC2 because it was not mentioned in AWS documentation.
The home page opens up but when I try to login I get an error:
LoginSignUp.js:84 OPTIONS https://api.mydomain.com/user/signin net::ERR_INSECURE_RESPONSE
So the browser is blocking backend response because it is not secure. Do I need to install SSL certificate on EC2 also? Or did I make any configuration mistake?
It appears from your question that your SSL certificate is for mydomain.com and you are trying to request api.mydomain.com
Create a new ACM certificate that includes api.domain.com as either the domain name or as a Subject Alternative Name (SAN).
At a glance, the rest of the build looks correct.