Unable to execute HTTP request: Host name 'ace-photos-dev.s3.amazonaws.com' does not match the certificate subject provided by the peer (CN=*.s3.amazonaws.com)

0

We are attempting to upload an image to an S3 bucket but are getting this exception: "Unable to execute HTTP request: Host name 'ace-photos-dev.s3.amazonaws.com' does not match the certificate subject provided by the peer (CN=*.s3.amazonaws.com)"

We are using Jetty. The client is created with this code:

```java
// Builds the S3 client from the configured credentials provider and region.
private S3Client amazonS3() {
    S3Client amazonS3 = S3Client.builder()
            .credentialsProvider(awsCredentialsProvider())
            .region(Region.of(regionName))
            .build();
    return amazonS3;
}
```

and putObject is executed in this code and throws an exception:

```java
try {
    client = amazonS3();
    PutObjectRequest request = PutObjectRequest.builder()
            .bucket(awsImageBucket)
            .key(name)
            .build();
    // The exception is thrown here, while the HTTPS connection to S3 is set up.
    PutObjectResponse response = client.putObject(
            request, RequestBody.fromInputStream(inputStream, inputStream.available()));

    hash = response.toString();
} catch (Exception e) {
    throw new RuntimeException("SaveImageSevice saveImage; exception was thrown msg= " + e.getMessage(), e);
}
```

```
software.amazon.awssdk.core.exception.SdkClientException: Unable to execute HTTP request: Host name 'ace-photos-dev.s3.amazonaws.com' does not match the certificate subject provided by the peer (CN=*.s3.amazonaws.com)
```

asked 10 months ago, 887 views
1 Answer
0

The error message "Host name 'ace-photos-dev.s3.amazonaws.com' does not match the certificate subject provided by the peer (CN=*.s3.amazonaws.com)" may indicate that there may be a disconnect between the hostname you are using and the SSL certificate presented by the Amazon S3 service.

This may be because you are using a custom domain or hostname that does not match the SSL certificate's common name (CN) entries.

To resolve this issue, you may look into the following options and try whichever meets your requirements.

  1. Use the default S3 endpoint instead of a custom hostname: If you are accessing an S3 bucket, you can use the default S3 endpoint (for example, "<bucket-name>.s3.amazonaws.com"). Since the SSL certificate for the default S3 endpoint is issued for "*.s3.amazonaws.com", hostname inconsistencies shouldn't occur.

  2. Obtain a legitimate SSL certificate: If you must use a custom hostname, you should get a legitimate SSL certificate that corresponds to your custom domain or hostname. To provision an SSL certificate, you can either use a certificate issued by a reputable certificate authority (CA) or the AWS Certificate Manager (ACM) to provision a free SSL certificate.

  3. Use AWS CloudFront as a content delivery network (CDN) if you wish to offer your S3 content through a custom domain. You can set up specific SSL certificates for your domain using CloudFront. You may prevent hostname mismatch problems with this method. (https://aws.amazon.com/cloudfront/custom-ssl-domains/)

AWS
EXPERT
answered 10 months ago
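
The single-label wildcard rule that TLS clients apply to a certificate name such as `*.s3.amazonaws.com`, run against the host from the error message and three constructed hosts. This is an added example, not code from the question, the answer or the AWS SDK; the class and method names are hypothetical.

```java
import java.util.List;
import java.util.Locale;

// Added example (hypothetical names): left-most-label wildcard matching
// for TLS certificate names, as described in RFC 6125.
public class WildcardHostCheck {

    /** Returns true if host matches a certificate name such as "*.s3.amazonaws.com". */
    static boolean matches(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) {
            return h.equals(p);              // no leading wildcard: exact match only
        }
        String suffix = p.substring(1);      // e.g. ".s3.amazonaws.com"
        if (!h.endsWith(suffix)) {
            return false;
        }
        String label = h.substring(0, h.length() - suffix.length());
        // The wildcard stands for exactly one non-empty label, so it never spans a dot.
        return !label.isEmpty() && label.indexOf('.') < 0;
    }

    public static void main(String[] args) {
        String pattern = "*.s3.amazonaws.com";       // CN from the error message
        List<String> hosts = List.of(
                "ace-photos-dev.s3.amazonaws.com",   // host from the error message
                "ace.photos.dev.s3.amazonaws.com",   // constructed: bucket name containing dots
                "s3.amazonaws.com",                  // constructed: no bucket label
                "photos.example.com");               // constructed: custom domain
        for (String host : hosts) {
            System.out.printf("%-34s %s%n", host,
                    matches(host, pattern) ? "match" : "MISMATCH");
        }
    }
}
```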
