5
votes

I'm having some trouble using Amazon Load Balancer with HTTPS.

I already have a certificate and it's already configured.

Using curl, when I test the load-balanced servers separately, I don't find any error.

But testing with the load balancing address (curl -v "https_domain_name"), it returns the following message:

"SSL certificate problem: unable to get local issuer certificate"

The certificate is valid and the name matches the domain name in the URL.

1
Is it a new cert? It may have not yet saturated around the CAs? - brandonscript
It's an old one =/ ...and it's working... but doesn't work with Amazon LB =/ - briba
And you've gone through all of the AWS docs on it? It's a complicated process to get working, and that error is too generic to really pinpoint where the problem is. - brandonscript
I know =/ I'm reading for like.. 2 hours LOL.. must be a simple and a difficult problem at the same time hahaha.. but thank you r3mus! Appreciate your help! =) - briba
Yeah, I've always struggled with AWS getting things to work. Wish I could be more help, sorry! - brandonscript

1 Answer

0
votes

Sounds like the domain names may be different on the servers and the ELB.

Are you running curl to the ELB address or to the DNS CNAME that you set up for that server (you should run it to the CNAME)?

The ELB addresses are something like this:

TestLB-1268527133.us-east-1.elb.amazonaws.com

The CNAME should be something like

www.yourdomain.com

If you're running to the CNAME, does it match the domain name on the cert? In other words, does it have the same domain as the server behind the ELB? Also, keep in mind that if you have multiple servers running behind an ELB running SSL you need a star cert. For example *.yourdomain.com
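
The name comparison this answer describes, as an added example that is not part of the original answer: it checks which of the addresses above a certificate's DNS names cover, using RFC 6125-style wildcard rules. The certificate name lists are constructed sample data and the function names are hypothetical; it checks names only, not the issuer chain.

```python
def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, host):
    """Match one certificate DNS name against the host name being requested."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in h:
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if p[0] == "*":
        # Wildcard only as the whole left-most label, with at least two
        # labels after it (so "*.com" is rejected).
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Partial wildcards such as "w*.example.com" are rejected outright.
    return "*" not in pattern and p == h


def covering_names(cert_names, host):
    """Return the certificate names that cover `host` (empty list = mismatch)."""
    return [n for n in cert_names if name_matches(n, host)]


# Constructed sample data: names as they would appear in the certificate's
# subjectAltName, and the addresses a client might pass to curl.
SINGLE_NAME_CERT = ["www.yourdomain.com"]
WILDCARD_CERT = ["*.yourdomain.com"]
TARGETS = [
    "TestLB-1268527133.us-east-1.elb.amazonaws.com",  # raw ELB address
    "www.yourdomain.com",                             # CNAME pointing at the ELB
    "yourdomain.com",                                 # bare domain
    "api.eu.yourdomain.com",                          # two labels deep
]

if __name__ == "__main__":
    for label, names in (("single", SINGLE_NAME_CERT), ("wildcard", WILDCARD_CERT)):
        for host in TARGETS:
            hits = covering_names(names, host)
            print(f"{label:8} {host:48} {'OK ' + hits[0] if hits else 'NAME MISMATCH'}")
```
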