3
votes

I've configured a classic load balancer using this tutorial: http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-getting-started.html

I've added an SSL certificate from AWS and the latest cipher. The listener is configured to receive connections on port 443 and send them to my instance on port 80.

When I try to access the load balancer from a browser using its DNS name it says that it's not secure.

Why is it not secure even if it has an SSL certificate? How can I make my load balancer secure? In front of the load balancer I want to have Cloudflare with a full SSL.

1
Most browsers, when it says it's not secure, will say why it's not secure. For example, your HTML may be referencing non-HTTPS resources. – Matt Houser
"This server could not prove that it is [DNS name of balancer]; its security certificate is from [domain name]. This may be caused by a misconfiguration or an attacker intercepting your connection." I guess if I point Cloudflare to the load balancer DNS name, it should work, right? – Dr.Agos

1 Answer

9
votes

You are seeing that issue because your SSL certificate is for example.com and you are accessing your endpoint using the load balancer URL abc.elb.amazonaws.com. In this situation, the URLs do not match, so your browser is showing the warning.

In actual use, you should access the load balancer via example.com, matching the domain in the SSL. You can do this using a DNS CNAME, or alias (Route 53 only), or hosts file. When accessed this way, you will not see the warning since you are accessing your actual domain.
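
The name check behind the warning described in the answer, as an added example that is not part of the original answer. The function names and the sample SAN list are constructed for illustration; `abc.elb.amazonaws.com` and `example.com` are the answer's placeholders.

```python
import socket
import ssl


def san_matches(hostname, san):
    """RFC 6125-style dNSName match: case-insensitive, '*' allowed only as
    the whole left-most label, and it covers exactly one label."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(pattern) >= 3 and host[1:] == pattern[1:]
    return host == pattern


def cert_covers(hostname, sans):
    """True if any DNS SAN on the certificate covers the name being visited."""
    return any(san_matches(hostname, s) for s in sans)


def check_endpoint(connect_host, expected_name, port=443):
    """Open TCP to connect_host (the load balancer's DNS name) but send SNI
    and verify the certificate for expected_name, which is what a browser
    does once a CNAME/alias for expected_name points at the load balancer.
    Returns the certificate's DNS SANs; raises ssl.SSLCertVerificationError
    on a name mismatch or an untrusted chain."""
    ctx = ssl.create_default_context()  # chain + hostname verification on
    with socket.create_connection((connect_host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=expected_name) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


# Constructed sample: DNS SANs of a certificate issued for example.com.
SAMPLE_SANS = ["example.com", "*.example.com"]

if __name__ == "__main__":
    for name in ("example.com", "www.example.com", "abc.elb.amazonaws.com"):
        verdict = "match" if cert_covers(name, SAMPLE_SANS) else "MISMATCH"
        print(f"{name}: {verdict}")
    # Live check before changing DNS (needs network; substitute real names):
    # print(check_endpoint("abc.elb.amazonaws.com", "example.com"))
```

`check_endpoint` lets you confirm the listener's certificate validates for your domain before the CNAME or alias exists, without editing a hosts file.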