I have a pyramid/python application with a page at www.domain.com that creates html pages at s3.amazonaws.com/testbucket/object_name. Right now in this test bucket, I also have javascript files that each object(html page) utilizes. I want it so that users can go to subdomain.domain.com/object_name and see the files with the javascript enabled. I have cname'd subdomain.domain.com (the name of my bucket) to s3.amazonaws.com. (with that last period at the end). Right now I have two problems (I am far more concerned with the second one)

1). When I try and access the url via https://subdomain.domain.com/object_name I get a security error (I assume this is because it is redirecting to an amazon s3 bucket. How can I get an ssl certificate for my bucket?

2) When I try and access the url via http://subdomain.domain.com/object_name, there is no secutiry error (not https) but the javascript isn't enabled. How can I make sure that those jacvascript files on the s3 bucket still work?

Edit: upon looking at the developer tools, I see the error: Failed to load resource: the server responded with a status of 403 (Forbidden) referring to the javascript file. Why would this file be forbidden when I have made it public in the bucket?

S3 does not allow you to configure your own SSL certificates for buckets - this is an inherit "problem" with the way S3 is designed and distributed across servers - Amazon provides their own certificate for use with S3, no configuration required.

However, and this is very important - you cannot use SSL over CNAME, period. If you want to use your pretty domain name with SSL using S3 you're out of luck. Its just a S3 quirk we have to live with. (https://forums.aws.amazon.com/thread.jspa?threadID=60502).

In summary, if you want SSL, you must use the full S3 bucket path.