AWS Load Balancer not secure

About

Asked 17/3, 2017 at 12:54 Answered 17/3, 2017 at 13:18

Solved amazon-web-services amazon-ec2 elastic-load-balancer

I've configured a classic load balancer using this tutorial: http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-getting-started.html

I've added an SSL certificate from AWS and the latest cipher. The listener if configured to receive connections on port 443 and send them to my instance on port 80.

When I try to access the load balancer from a browser using it's DNS name it says that it's not secure.

Why is not secure event if it has an SSL certificate? How can I make my load balancer secure? In front of the load balancer I want to have cloudflare with a full ssl.

Micrococcus answered 17/3, 2017 at 12:54 Comment(2)

Most browsers, when it says it's not secure will say why it's not secure. For example, your HTML may be referencing non-HTTPS resources. – Therefor 17/3, 2017 at 13:2

This server could not prove that it is [DNS name of balancer]; its security certificate is from [domain name]. This may be caused by a misconfiguration or an attacker interception your connection. I guess if I point the cloudflare to the load balancer DNS name, it should work, right? – Micrococcus 17/3, 2017 at 13:13

You are seeing that issue because your SSL certificate is for example.com and you are accessing your endpoint using the load balancer URL abc.elb.amazonaws.com. In this situation, the URLs do not match, so your browser is showing the warning.

In actual use, you should access the load balancer via example.com, matching the domain in the SSL. You can do this using a DNS CNAME, or alias (Route 53 only), or hosts file. When accessed this way, you will not see the warning since you are accessing your actual domain.

Therefor answered 17/3, 2017 at 13:18 Comment(2)

Matt, consider this scenario; My example.com com is safe since there is a certificate attached for it. Then for reason I want to access my website using abc.elb.amazonaws.com, which of course shows the warning. If i bypass the warning and choose to continue with it, is it secure? – Serrulate 5/7, 2017 at 4:36

@AnkitSahu The connection will still be SSL, which will be encrypted. But your browser will warn you that the site URL does not match the certificate. Those are the facts. I'm not going to say whether that's considered "secure" or not. – Therefor 5/7, 2017 at 16:15

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags