AWS API Gateway integration with an NLB with ACM issued private cert resulting in SSL error

0

Here's my context

  • EC2 instances hosting a REST API microservice
  • A Network Load Balancer that fronts the EC2 instances with a port 443 Listener that has an ACM issued Private SSL cert installed on it
  • I have created a VPC link to that NLB.
  • Created an instance of the API Gateway and defined a method on it.

When I try to invoke the method, I get the following error as a result:

Execution failed due to....PKIX path building failed:...certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

Why is it that the AWS API Gateway is encountering issues connecting to an NLB that uses an ACM issued Private cert?

Any help would be appreciated.

3 answers
1
Accepted answer

I had the same issue. API Gateway does not accept privately signed certificates, even from ACM. You'd need a validated public certificate. You can even use Letsencrypt.com or an Amazon Public Certificate validated by DNS. Here's the documentation on the accepted entities: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-supported-certificate-authorities-for-http-endpoints.html

answered a year ago
  • Yes ... that's exactly what we ended up doing after contacting AWS Support. I was informed that API Gateway does not accept private certs. So we had to get a proper cert and install that on the Listener, and that resolved the issue.
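To make the diagnosis in the accepted answer checkable before you wire a listener behind a VPC link, here is an added example (not code from the thread or from AWS) that applies the same conditions API Gateway applies when it opens TLS to the integration endpoint: the certificate must chain to a CA on API Gateway's supported list, and the endpoint hostname must match a name on the certificate. An ACM Private CA certificate, which `aws acm describe-certificate` reports as `Type: PRIVATE`, can never satisfy the first condition, which is exactly the `PKIX path building failed` error in the question; the same NLB on a plain TCP/80 listener passes because no handshake, and so no validation, happens. The certificate documents, hostnames and the `triage` / `hostname_matches` helpers are constructed for this example and are not real AWS output. One caveat a practitioner should know: REST API integrations do expose a `tlsConfig.insecureSkipVerification` setting that turns off the CA check (expiry and hostname are still verified), but that leaves the VPC-link hop trusting any certificate, so the public-certificate route described in the answer is the one to prefer.

```python
"""Triage an ACM certificate for an NLB listener behind an API Gateway VPC link.

Added example, not from the original thread. The input dicts are constructed
to look like the 'Certificate' object from `aws acm describe-certificate`;
only fields that API really returns (DomainName, SubjectAlternativeNames,
Status, Type, NotAfter) are used. Hostnames are hypothetical.
"""
from datetime import datetime, timezone
from typing import Optional, Tuple
from urllib.parse import urlparse


def hostname_matches(san: str, host: str) -> bool:
    """RFC 6125-style match: case-insensitive; a leading '*' covers exactly one
    label; no partial-label wildcards and no match across label counts."""
    san_labels = san.lower().split(".")
    host_labels = host.lower().split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        return host_labels[0] != "" and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def triage(cert: dict, integration_uri: str,
           now: Optional[datetime] = None) -> Tuple[str, str]:
    """Return (verdict, reason) for putting `cert` on the NLB listener that the
    API Gateway integration URI points at. verdict is 'ok', 'fail' or 'check'.
    `now` must be timezone-aware, as NotAfter in describe-certificate output is."""
    now = now or datetime.now(timezone.utc)
    parsed = urlparse(integration_uri)

    if parsed.scheme == "http":
        # No TLS handshake, so nothing is validated: this is why the TCP/80
        # listener in the question works. Traffic to the NLB is in the clear.
        return "ok", "HTTP integration: no certificate validation (and no encryption)"
    if parsed.scheme != "https" or not parsed.hostname:
        return "fail", "integration URI must be http(s)://host[:port]/..."

    # The PKIX error: an ACM Private CA root is not on API Gateway's supported
    # CA list, so no certification path can be built regardless of names.
    if cert.get("Type") == "PRIVATE":
        return ("fail", "issued by ACM Private CA; API Gateway cannot build a path "
                        "to a supported public root (PKIX path building failed)")
    if cert.get("Status") != "ISSUED":
        return "fail", f"certificate status is {cert.get('Status')!r}, not ISSUED"

    not_after = datetime.fromisoformat(cert["NotAfter"])
    if not_after <= now:
        return "fail", f"certificate expired at {cert['NotAfter']}"

    # Hostname verification happens even when the chain is fine.
    names = {n for n in cert.get("SubjectAlternativeNames", []) if n}
    names.add(cert.get("DomainName", ""))
    names.discard("")
    if not any(hostname_matches(n, parsed.hostname) for n in names):
        return "fail", f"no SAN matches {parsed.hostname}: {sorted(names)}"

    if cert.get("Type") == "IMPORTED":
        # ACM does not know who issued an imported cert; the chain still has to
        # end at a CA on API Gateway's supported list.
        return ("check", "imported certificate: confirm its issuer is on API Gateway's "
                         "supported CA list, not a self-signed or internal CA")
    return "ok", "Amazon-issued public certificate with a matching name"


# Constructed samples shaped like `aws acm describe-certificate` output.
PRIVATE_CERT = {
    "DomainName": "api.internal.example",
    "SubjectAlternativeNames": ["api.internal.example"],
    "Status": "ISSUED",
    "Type": "PRIVATE",
    "NotAfter": "2099-01-01T00:00:00+00:00",
}
PUBLIC_CERT = {
    "DomainName": "*.example.com",
    "SubjectAlternativeNames": ["*.example.com", "example.com"],
    "Status": "ISSUED",
    "Type": "AMAZON_ISSUED",
    "NotAfter": "2099-01-01T00:00:00+00:00",
}

if __name__ == "__main__":
    cases = [
        ("private CA on 443", PRIVATE_CERT, "https://api.internal.example:443/v1"),
        ("same NLB on 80", PRIVATE_CERT, "http://api.internal.example/v1"),
        ("public wildcard", PUBLIC_CERT, "https://nlb.example.com/v1"),
        ("wrong name", PUBLIC_CERT, "https://deep.sub.example.com/v1"),
    ]
    for label, cert, uri in cases:
        verdict, reason = triage(cert, uri)
        print(f"{label:18} -> {verdict}: {reason}")
```

Run it with the output of `aws acm describe-certificate --certificate-arn <arn> --query Certificate` fed in as `cert` and the integration's endpoint URL as `integration_uri`; the first two cases reproduce the behaviour reported in the question (failure on 443 with the private certificate, success on 80), and the last shows that a wildcard SAN covers one label only, so a deeper hostname fails name verification even with a public certificate.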

0

Just to double check with you, are you sure the integration type you chose is Proxy? Review this step by step guide to be 100% sure that your architecture is aligned with API GW private integrations: https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-with-private-integration.html

Best,

AWS
answered a year ago
  • Hi Juan ... thank you very much for the reply. I don't understand the need for the Proxy integration. My API Gateway method invocation works if I have a plain TCP/80 listener on the NLB. But when I switch over to a TLS/443 listener endpoint with a private ACM cert on the NLB, I get this error. How can I set up my API Gateway integration so that I don't get this error?

0

The thing is that the behaviour changes depending on whether you are using SSL/TLS (port 443) or HTTP (port 80). With the second one the connection terminates at the API GW, but no TLS negotiation is needed, so there are no checks like the domain name or similar. With an SSL/TLS connection the same occurs, but the TLS termination happens on API GW, not on your backend, so using the proxy mechanism TLS will change the behaviour.

Best,

AWS
answered a year ago
