Amazon S3 - HTTPS/SSL - Is it possible?

amazon-web-services ssl amazon-s3 https
Kerry Jones picture Kerry Jones · Jun 15, 2010 · Viewed 123.4k times · Source

I saw a few other questions regarding this without any real answers or information (or so it appeared).

I have an image here:
http://furniture.retailcatalog.us/products/2061/6262u9665.jpg

Which is redirecting to:
http://furniture.retailcatalog.us.s3.amazonaws.com/products/2061/6262u9665.jpg

I need it to be (https):
https://furniture.retailcatalog.us/products/2061/6262u9665.jpg

So I installed a wildcard ssl on retailcatalog.us (we have other subdomains), but it wasn't working. I went to check
https://furniture.retailcatalog.us.s3.amazonaws.com/products/2061/6262u9665.jpg

And it wasn't working, which means on the Amazon S3 website itself the https wasn't working.

How do I make this work?

Answer

Kerry Jones picture Kerry Jones · Jun 16, 2010

This is a response I got from their Premium Services

Hello,

This is actually a issue with the way SSL validates names containing a period, '.', > character. We've documented this behavior here:

http://docs.amazonwebservices.com/AmazonS3/latest/dev/BucketRestrictions.html

The only straight-forward fix for this is to use a bucket name that does not contain that character. You might instead use a bucket named 'furniture-retailcatalog-us'. This would allow you use HTTPS with

https://furniture-retailcatalog-us.s3.amazonaws.com/

You could, of course, put a CNAME DNS record to make that more friendly. For example,

images-furniture.retailcatalog.us IN CNAME furniture-retailcatalog-us.s3.amazonaws.com.

Hope that helps. Let us know if you have any other questions.

Amazon Web Services

Unfortunately your "friendly" CNAME will cause host name mismatch when validating the certificate, therefore you cannot really use it for a secure connection. A big missing feature of S3 is accepting custom certificates for your domains.

UPDATE 10/2/2012

From @mpoisot:

The link Amazon provided no longer says anything about https. I poked around in the S3 docs and finally found a small note about it on the Virtual Hosting page: http://docs.amazonwebservices.com/AmazonS3/latest/dev/VirtualHosting.html

UPDATE 6/17/2013

From @Joseph Lust:

Just got it! Check it out and sign up for an invite: http://aws.amazon.com/cloudfront/custom-ssl-domains

Related questions

Cloudfront serving over own SSL certificate

does anyone know if its possible to serve with cloudfront over https with your own certificate while using your own CNAME? i can't even find a way to set up my own SSL cert over S3... so im not sure …

Read More
How to Configure SSL for Amazon S3 bucket

I am using an Amazon S3 bucket for uploading and downloading of data using my .NET application. Now my question is: I want to access my S3 bucket using SSL. Is it possible to implement SSL for an Amazon s3 …

Read More
How to add SSL certificate to AWS EC2 with the help of new AWS Certificate Manager service

AWS has come up with a new service AWS Certificate Manager. One thing I got from the description is that if we are using this service we don't have to pay for the certificate anymore. They are providing certificates for …

Read More