AWS API Gateway integration with an NLB with ACM issued private cert resulting in SSL error

0

Here's my context

  • EC2 instances hosting a REST API microservice
  • A Network Load Balancer that fronts the EC2 instances with a port 443 Listener that has an ACM issued Private SSL cert installed on it
  • I have created a VPC link to that NLB.
  • Created an instance of the API Gateway and defined a method on it.

When I try to invoke the method, I get the following error as a result:

Execution failed due to....PKIX path building failed:...certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

Why is it that API Gateway is encountering issues connecting to an NLB that uses an ACM-issued private cert?

Any help would be appreciated.

3 answers
1
Accepted answer

I had the same issue. API Gateway does not accept privately signed certificates, even from ACM. You'd need a validated public certificate. You can even use Letsencrypt.com or an Amazon public certificate validated by DNS. Here's the documentation of the accepted entities: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-supported-certificate-authorities-for-http-endpoints.html

Answered 1 year ago
  • Yes ... that's exactly what we ended up doing after contacting AWS Support. I was informed that API Gateway does not accept private certs. So we had to get a proper cert and install that on the Listener, and that resolved the issue.
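A quick way to confirm the accepted answer's diagnosis before opening a support case, as an added example that is not part of the thread: look up which ACM certificate is attached to the NLB's 443 listener and check its ACM `Type` (`PRIVATE` means an ACM Private CA issued it, so it cannot chain to a public root), then reproduce API Gateway's view of the chain with `openssl s_client` against the public trust store. It assumes a configured AWS CLI v2 and `openssl` on the path; the NLB ARN and the listener's DNS name are passed as arguments.

```shell
#!/usr/bin/env sh
# Added example, not from the thread. Usage:
#   ./check_nlb_cert.sh <nlb-arn> [nlb-dns-name]

# ACM reports a certificate's origin in Certificate.Type:
#   AMAZON_ISSUED - public ACM cert, chains to a publicly trusted root
#   IMPORTED      - uploaded by you; inspect its issuer chain yourself
#   PRIVATE       - issued by ACM Private CA, absent from public trust stores
# Maps that type to a verdict so the result is easy to test and script on.
classify_acm_type() {
  case "$1" in
    AMAZON_ISSUED) echo ok ;;
    IMPORTED)      echo check ;;
    PRIVATE)       echo private ;;
    *)             echo unknown ;;
  esac
}

# Finds the certificate on the 443 listener and classifies it. Returns 1
# when the cert is private (the configuration that produced the PKIX error).
check_nlb_listener_cert() {
  nlb_arn="$1"
  cert_arn=$(aws elbv2 describe-listeners --load-balancer-arn "$nlb_arn" \
    --query 'Listeners[?Port==`443`].Certificates[0].CertificateArn | [0]' \
    --output text)
  if [ -z "$cert_arn" ] || [ "$cert_arn" = "None" ]; then
    echo "no TLS listener on port 443" >&2
    return 2
  fi
  cert_type=$(aws acm describe-certificate --certificate-arn "$cert_arn" \
    --query 'Certificate.Type' --output text)
  verdict=$(classify_acm_type "$cert_type")
  echo "$cert_arn type=$cert_type verdict=$verdict"
  [ "$verdict" != "private" ]
}

# Mirrors what API Gateway does when it connects: build the chain against
# the local public CA bundle. A private CA shows a non-zero verify code
# such as "unable to get local issuer certificate".
check_chain_publicly() {
  host="$1"
  openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>/dev/null \
    | grep 'Verify return code'
}

if [ -n "${1:-}" ]; then
  check_nlb_listener_cert "$1"
  [ -n "${2:-}" ] && check_chain_publicly "$2"
fi
```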

0

Just to double check with you, are you sure the integration type you chose is Proxy? Review this step-by-step guide to be 100% sure that your architecture is aligned with API GW private integrations: https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-with-private-integration.html

Best,

AWS
Answered 1 year ago
  • Hi Juan ... thank you very much for the reply. I don't understand the need for the Proxy integration. My API Gateway method invocation works if I have a plain TCP/80 listener on the NLB. But when I switch over to a TLS/443 listener endpoint with a private ACM cert on the NLB, I get this error. How can I set up my API Gateway integration so that I don't get this error?

0

The thing is that the behaviour changes depending on whether you are using SSL/TLS (port 443) or HTTP (port 80). With the second one the connection terminates at the APIGW but no TLS negotiation is needed, so there are no checks like the domain name or similar. With an SSL/TLS connection the same occurs, but the TLS termination happens on API GW, not on your backend, so using the proxy mechanism the TLS will change the behaviour.

Best,

AWS
Answered 1 year ago
