Privacy error NET::ERR_CERT_AUTHORITY_INVALID Amazon EC2 single instance with ELB

1
votes

I have hosted my site on Shopify and own a domain. Now I need to host my backend web application on AWS. However the communication between shopify and AWS needs to happen in HTTPS. I have created AWS environment using elasticbeanstalk app with ELB (Elastic load balancer). I have configured ELB to use HTTPS and provided the certificate, generated using openssl like below.

openssl req -x509 -newkey rsa:2048 -sha256 -nodes -keyout elasticbeanstalk.key -out elasticbeanstalk.crt -subj "/CN=elasticbeanstalk.com" -days 3650

I have also successfully followed all steps mentioned here https://medium.com/@arcdigital/enabling-ssl-via-aws-certificate-manager-on-elastic-beanstalk-b953571ef4f8

However I still get privacy error with "NET::ERR_CERT_AUTHORITY_INVALID" in the browser when I hit the ELB url using https

I think I'm lacking something basic here. My confusion is that, which domain should I use to when creating the self signed certificate (My own domain or elasticbeanstalk.com or something else )? Is there anything else I'm missing?

1
amazon-web-servicessslamazon-ec2ssl-certificate

1 Answers

3
votes

The issue is that you are using a self-signed certificate.

Browsers ship with a list of trusted root certificate authorities. When HTTPS is used, the SSL certificate has a chain of authority which must end with a root certificate authority recognised by the browser.

The easiest solution in your scenario would be to use an Amazon Certificate with your ELB. These are available for free from the Amazon Certificate Manager which can be found in the AWS console.

Request a certificate (In the same AWS region as your ELB), follow the instructions to validate it and it will appear in the drop down options when choosing a certificate for the ELB.