AWS Route53 A record to external ip, Certificate is Ineligible

Time: 10-28

I have an A record with my subdomain hello.example.com. It points to an external IP address.

The web server that runs behind that IP address returns an SSL certificate, but the browser does not trust it.

Also, I created a certificate in ACM with the subdomain and the status was successful but it is not in use and ineligible.

CodePudding user response:

Recapitulation as an answer:

"The web server that runs behind that IP address returns an SSL certificate. I created a certificate in ACM with the subdomain."

ACM is used only with AWS managed services (CloudFront, API Gateway, Elastic Load Balancer, ...). So you may put the server in a private subnet behind a load balancer.

You cannot do that for a 3rd party server. A DNS A record is just a pointer to an IP address. It is the responsibility of the server to return a valid certificate.

I am trying to make a secure connection between a 3rd party web server that I don't have any control over and my subdomain via an A record.

The server SSL certificates are intended to make sure the client communicates with the right server. The server needs to prove its domain name with the certificate when establishing the SSL connection.

Imagine you create your own DNS record pointing to any 3rd party site, e.g., an Amazon site: you cannot expect it to work.

Edit: it may work if the server is using a wildcard certificate. Example: if the server uses a certificate with CN=*.example.com, then a subdomain mysite.example.com would be trusted as well.
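To check what the answer describes on your own record, here is an added diagnostic (example code written for this page, not from the answer or from AWS): it connects to the A record's IP with SNI set to your subdomain, exactly as a browser would, and reports separately whether the chain is trusted and whether the presented certificate's names (SAN, or CN on legacy certs, including the wildcard case) cover the hostname. The hostname, IP and the sample certificate dictionaries are constructed placeholders.

```python
import socket
import ssl


def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: a leading '*' covers exactly one DNS label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # *.example.com matches a.example.com, but not a.b.example.com or example.com
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def cert_dns_names(cert: dict) -> list:
    """DNS names the certificate is valid for (SAN first, CN only as a legacy fallback)."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names


def cert_covers_host(cert: dict, hostname: str) -> bool:
    """True if any of the certificate's names matches the hostname, as a browser checks it."""
    return any(hostname_matches(n, hostname) for n in cert_dns_names(cert))


def diagnose(hostname: str, ip: str, port: int = 443, timeout: float = 5.0) -> str:
    """Connect to `ip` (the A record target) with SNI=`hostname` and classify the result."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; the name check is done by us below
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                cert = tls.getpeercert()  # parsed dict, available because verify_mode is CERT_REQUIRED
    except ssl.SSLCertVerificationError as exc:
        return f"untrusted chain: {exc.verify_message}"
    except OSError as exc:
        return f"connection failed: {exc}"
    if cert_covers_host(cert, hostname):
        return "ok"
    return "name mismatch: certificate is for " + ", ".join(cert_dns_names(cert))


if __name__ == "__main__":
    # placeholder values; replace with your subdomain and the A record's IP
    print(diagnose("hello.example.com", "192.0.2.10"))
```

"name mismatch" is the failure the answer explains: the third-party server serves its own certificate for your SNI, so only a wildcard (or SAN) covering your subdomain would make the browser trust it.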
