SyntaxFix

[amazon-web-services] Amazon S3 - HTTPS/SSL - Is it possible?

I saw a few other questions regarding this without any real answers or information (or so it appeared).

I have an image here:
http://furniture.retailcatalog.us/products/2061/6262u9665.jpg

Which is redirecting to:
http://furniture.retailcatalog.us.s3.amazonaws.com/products/2061/6262u9665.jpg

I need it to be (https):
https://furniture.retailcatalog.us/products/2061/6262u9665.jpg

So I installed a wildcard ssl on retailcatalog.us (we have other subdomains), but it wasn't working. I went to check
https://furniture.retailcatalog.us.s3.amazonaws.com/products/2061/6262u9665.jpg

And it wasn't working, which means on the Amazon S3 website itself the https wasn't working.

How do I make this work?

This question is related to amazon-web-services ssl amazon-s3 https

The answer is

This is a response I got from their Premium Services

Hello,

This is actually a issue with the way SSL validates names containing a period, '.', > character. We've documented this behavior here:

http://docs.amazonwebservices.com/AmazonS3/latest/dev/BucketRestrictions.html

The only straight-forward fix for this is to use a bucket name that does not contain that character. You might instead use a bucket named 'furniture-retailcatalog-us'. This would allow you use HTTPS with

https://furniture-retailcatalog-us.s3.amazonaws.com/

You could, of course, put a CNAME DNS record to make that more friendly. For example,

images-furniture.retailcatalog.us IN CNAME furniture-retailcatalog-us.s3.amazonaws.com.

Hope that helps. Let us know if you have any other questions.

Amazon Web Services

Unfortunately your "friendly" CNAME will cause host name mismatch when validating the certificate, therefore you cannot really use it for a secure connection. A big missing feature of S3 is accepting custom certificates for your domains.

UPDATE 10/2/2012

From @mpoisot:

The link Amazon provided no longer says anything about https. I poked around in the S3 docs and finally found a small note about it on the Virtual Hosting page: http://docs.amazonwebservices.com/AmazonS3/latest/dev/VirtualHosting.html

UPDATE 6/17/2013

From @Joseph Lust:

Just got it! Check it out and sign up for an invite: http://aws.amazon.com/cloudfront/custom-ssl-domains

payton109’s answer is correct if you’re in the default US-EAST-1 region. If your bucket is in a different region, use a slightly different URL:

https://s3-<region>.amazonaws.com/your.domain.com/some/asset

Where <region> is the bucket location name. For example, if your bucket is in the us-west-2 (Oregon) region, you can do this:

https://s3-us-west-2.amazonaws.com/your.domain.com/some/asset

I know its a year after the fact, but using this solves it: https://s3.amazonaws.com/furniture.retailcatalog.us/products/2061/6262u9665.jpg

I saw this on another site (http://joonhachu.blogspot.com/2010/09/helpful-tip-for-amazon-s3-urls-for-ssl.html).

As previously stated, it's not directly possible, but you can set up Apache or nginx + SSL on a EC2 instance, CNAME your desired domain to that, and reverse-proxy to the (non-custom domain) S3 URLs.

Source: Stackoverflow.com

Examples related to amazon-web-services

How to specify credentials when connecting to boto3 S3? Is there a way to list all resources in AWS Access denied; you need (at least one of) the SUPER privilege(s) for this operation Job for mysqld.service failed See "systemctl status mysqld.service" What is difference between Lightsail and EC2? AWS S3 CLI - Could not connect to the endpoint URL boto3 client NoRegionError: You must specify a region error only sometimes How to write a file or data to an S3 object using boto3 Missing Authentication Token while accessing API Gateway? The AWS Access Key Id does not exist in our records

Examples related to ssl

Requests (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.") Error in PyCharm requesting website A fatal error occurred while creating a TLS client credential. The internal error state is 10013 curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number How to install OpenSSL in windows 10? ssl.SSLError: tlsv1 alert protocol version Invalid self signed SSL cert - "Subject Alternative Name Missing" "SSL certificate verify failed" using pip to install packages ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749) Powershell Invoke-WebRequest Fails with SSL/TLS Secure Channel "ssl module in Python is not available" when installing package with pip3

Examples related to amazon-s3

How to specify credentials when connecting to boto3 S3? AWS S3 CLI - Could not connect to the endpoint URL How to write a file or data to an S3 object using boto3 The AWS Access Key Id does not exist in our records AccessDenied for ListObjects for S3 bucket when permissions are s3:* Save Dataframe to csv directly to s3 Python Listing files in a specific "folder" of a AWS S3 bucket How to get response from S3 getObject in Node.js? Getting Access Denied when calling the PutObject operation with bucket-level permission Read file content from S3 bucket with boto3

Examples related to https

What's the net::ERR_HTTP2_PROTOCOL_ERROR about? Requests (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.") Error in PyCharm requesting website Android 8: Cleartext HTTP traffic not permitted ssl.SSLError: tlsv1 alert protocol version Invalid self signed SSL cert - "Subject Alternative Name Missing" How do I make a https post in Node Js without any third party module? Page loaded over HTTPS but requested an insecure XMLHttpRequest endpoint How to force Laravel Project to use HTTPS for all routes? Could not create SSL/TLS secure channel, despite setting ServerCertificateValidationCallback Use .htaccess to redirect HTTP to HTTPs

Tags

Isql Stderr Iweb Auto-update Eclipse-ecf Copy-mode Dup2 Office-addins Stress-testing Scaletransform Greatest-common-divisor 8-bit Nibble Mx-record Pcm Having-clause Mount Usability-testing Test-first Psd Mercurial-queue Iprincipal Mdns Isolatedstoragefile Networkstream Switch-user Bde Kde Html5-video Single-user Autofac Rss2 Interval-tree Facebook-authentication Symbolic-references Incompatibility Omap Real-time-strategy Remote-access Festival Modalpopups Dll-injection T4 Shell-verbs Closedir Model-driven Jcs Dialogbasedapp Quantumgrid Geodjango Application-singleton Compatibility Javascript-framework Rdflib System.net.mail Setup.exe Jquery-masonry Cextension Css-frameworks Uservoice Static-typing Demoscene Nhibernate-projections Drupal-alter Set-include-path Image-transcoding Android-assets Minidumpwritedump Lua-c++-connection Config-spec Beans-binding Roulette-wheel-selection Digest Getcustomattributes Avr Notepad Iptv Zentest Auto-close Leader Windows-mobile Communication Activity-state Chdatastructures Commit Django-syncdb Propertygrid Jframe Bzr-svn Mysql-error-1415 Web.py Adobe-premiere Explicit-conversion Filenet-p8 Inspections Webinvoke Pidgin Unity-application-block Microphone Ispell