Error net::ERR_CERT_COMMON_NAME_INVALID with load balancer

0

I have an application load balancer and make requests from a custom domain with CloudFront. The problem is that when requesting an HTTPS domain for the load balancer I end up receiving this error: net::ERR_CERT_COMMON_NAME_INVALID

After researching a lot I saw that the error is caused precisely by making requests to a domain that is not the same as the SSL certificate (dominiocustomizado.com.br > loadbalancer.elb.xxxxx). They said to associate the certificate with the load balancer, I have already configured the listeners but it seems that the request does not even reach the listeners, before that it blocks. What can I do to get requests between my SSL domain and the load balancer? Could it be a configuration error between services?

2 Answers
0
Accepted Answer

I am not very clear on what your architecture is - as you mention using a custom domain with CloudFront and then Elastic Load Balancer as well.

If your requests are going to CloudFront you need:

  1. Make sure that you have the correct alternate domain setup on your CloudFront distribution. Read https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html
  2. You need to either use AWS Certificate Manager, to issue a certificate that at least contains the common name that you wish to use for your custom domain, or you need to obtain a certificate from a public CA and import it to ACM.
  3. Configure the CloudFront distribution to use the certificate from 2
  4. The ELB at this point can have any certificate, as CloudFront will not validate the certificate when making origin calls, but you can put the same certificate onto the ALB using ACM.
  5. Configure the ALB to be an origin for CloudFront.
  6. Configure your DNS host name that matches your custom domain to point to the CloudFront distribution name.

Wait for DNS to propagate - and it should work.

AWS
EXPERT
answered 4 months ago
EXPERT
reviewed 4 months ago
0

Thanks Max, I solved this problem doing:

First: requesting another certificate for my load balancer DNS using a subdomain of my custom domain.

Second: Registered a subdomain pointing to my load balancer in Route 53 and configured the listener with the subdomain.

Then, the error about requesting to a different domain (CloudFront (custom domain) > load balancer (load balancer DNS)) was solved, now it is like: CloudFront (custom domain) > load balancer (subdomain of custom domain)

CORS error solved!

answered 4 months ago
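
The name check behind net::ERR_CERT_COMMON_NAME_INVALID, as an added example that is not part of the original thread: a TLS client compares the host name it requested against the DNS names in the certificate, so a certificate for the custom domain never covers the load balancer's own DNS name, while a subdomain of the custom domain can be covered. The ALB DNS name, the `api.` subdomain and both SAN lists are constructed placeholders.

```python
# Added example: RFC 6125 style host name vs. certificate SAN matching.
# Every host name and SAN list below is constructed for illustration.

def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(hostname, pattern):
    """True if one DNS SAN entry covers hostname.

    A wildcard is honoured only as the whole left-most label and stands
    for exactly one label: *.example.com covers a.example.com but not
    example.com or a.b.example.com.
    """
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Refuse over-broad patterns such as "*.com".
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat

def check_hop(hostname, cert_sans):
    """SAN entries that cover hostname; an empty list is a name mismatch."""
    return [p for p in cert_sans if san_matches(hostname, p)]

CUSTOM_DOMAIN = "dominiocustomizado.com.br"            # from the question
ALB_DNS = "example-alb.sa-east-1.elb.amazonaws.com"    # constructed placeholder
ALB_SUBDOMAIN = "api." + CUSTOM_DOMAIN                 # constructed subdomain

CERT_APEX_ONLY = [CUSTOM_DOMAIN]                       # constructed SAN list
CERT_WITH_WILDCARD = [CUSTOM_DOMAIN, "*." + CUSTOM_DOMAIN]

if __name__ == "__main__":
    for host, sans in [
        (ALB_DNS, CERT_APEX_ONLY),            # request sent to the ALB DNS name
        (ALB_SUBDOMAIN, CERT_APEX_ONLY),      # subdomain, but cert lacks it
        (ALB_SUBDOMAIN, CERT_WITH_WILDCARD),  # subdomain covered by wildcard
        (CUSTOM_DOMAIN, CERT_WITH_WILDCARD),  # viewer-facing custom domain
    ]:
        hits = check_hop(host, sans)
        verdict = "OK via " + hits[0] if hits else "NAME MISMATCH"
        print(f"{host:45} {verdict}")
```
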
