Amazon S3 - HTTPS/SSL - Is it possible?
Amazon Web-Services Problem Overview
I saw a few other questions regarding this without any real answers or information (or so it appeared).
I have an image here:
http://furniture.retailcatalog.us/products/2061/6262u9665.jpg
Which is redirecting to:
http://furniture.retailcatalog.us.s3.amazonaws.com/products/2061/6262u9665.jpg
I need it to be (https):
https://furniture.retailcatalog.us/products/2061/6262u9665.jpg
So I installed a wildcard SSL on retailcatalog.us (we have other subdomains), but it wasn't working. I went to check
https://furniture.retailcatalog.us.s3.amazonaws.com/products/2061/6262u9665.jpg
And it wasn't working, which means on the Amazon S3 website itself the HTTPS wasn't working.
How do I make this work?
Amazon Web-Services Solutions
Solution 1 - Amazon Web-Services
This is a response I got from their Premium Services
> Hello,
>
> This is actually an issue with the way SSL validates names containing a period, '.', character. We've documented this behavior here:
>
> http://docs.amazonwebservices.com/AmazonS3/latest/dev/BucketRestrictions.html
>
> The only straight-forward fix for this is to use a bucket name that does not contain that character. You might instead use a bucket named 'furniture-retailcatalog-us'. This would allow you to use HTTPS with
>
> https://furniture-retailcatalog-us.s3.amazonaws.com/
>
> You could, of course, put a CNAME DNS record to make that more friendly. For example,
>
> images-furniture.retailcatalog.us IN CNAME furniture-retailcatalog-us.s3.amazonaws.com.
>
> Hope that helps. Let us know if you have any other questions.
>
> Amazon Web Services
Unfortunately your "friendly" CNAME will cause a host name mismatch when validating the certificate, therefore you cannot really use it for a secure connection. A big missing feature of S3 is accepting custom certificates for your domains.
UPDATE 10/2/2012
From @mpoisot:
The link Amazon provided no longer says anything about https. I poked around in the S3 docs and finally found a small note about it on the Virtual Hosting page: http://docs.amazonwebservices.com/AmazonS3/latest/dev/VirtualHosting.html
UPDATE 6/17/2013
From @Joseph Lust:
Just got it! Check it out and sign up for an invite: http://aws.amazon.com/cloudfront/custom-ssl-domains
Solution 2 - Amazon Web-Services
I know it's a year after the fact, but using this solves it: https://s3.amazonaws.com/furniture.retailcatalog.us/products/2061/6262u9665.jpg
I saw this on another site (http://joonhachu.blogspot.com/2010/09/helpful-tip-for-amazon-s3-urls-for-ssl.html).
Solution 3 - Amazon Web-Services
payton109’s answer is correct if you’re in the default US-EAST-1 region. If your bucket is in a different region, use a slightly different URL:
https://s3-<region>.amazonaws.com/your.domain.com/some/asset
Where <region> is the bucket location name. For example, if your bucket is in the us-west-2 (Oregon) region, you can do this:
https://s3-us-west-2.amazonaws.com/your.domain.com/some/asset
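
The name checks discussed in the answers above, as an added example that is not part of the original posts: a minimal single-label wildcard matcher in the style of RFC 6125, run against the URLs from this thread. The SAN lists are assumptions constructed to model an S3 endpoint certificate; they are not read from a live server.

```python
from urllib.parse import urlsplit

# ASSUMPTION: constructed SAN lists modelling the certificate an S3 endpoint
# presents (global endpoint and the us-west-2 regional endpoint).
S3_ENDPOINT_SANS = ["s3.amazonaws.com", "*.s3.amazonaws.com"]
S3_REGION_SANS = ["s3-us-west-2.amazonaws.com", "*.s3-us-west-2.amazonaws.com"]


def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate dNSName entry covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so the label counts must agree.
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Wildcard only as the entire left-most label, with a real suffix.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Partial wildcards (e.g. "f*.example.com") are rejected outright.
    return "*" not in pattern and p == h


def https_name_ok(url: str, presented_sans: list[str]) -> bool:
    """Check the host the client asked for against the presented SANs.

    The client validates the name in the URL, not the CNAME target.
    """
    host = urlsplit(url).hostname or ""
    return any(san_matches(s, host) for s in presented_sans)


if __name__ == "__main__":
    cases = [
        # Dotted bucket, virtual-hosted style: six labels vs. a one-label wildcard.
        ("https://furniture.retailcatalog.us.s3.amazonaws.com/products/2061/6262u9665.jpg", S3_ENDPOINT_SANS),
        # Bucket renamed without dots: a single label, so the wildcard covers it.
        ("https://furniture-retailcatalog-us.s3.amazonaws.com/", S3_ENDPOINT_SANS),
        # Path-style: the bucket name moves into the path, host is the bare endpoint.
        ("https://s3.amazonaws.com/furniture.retailcatalog.us/products/2061/6262u9665.jpg", S3_ENDPOINT_SANS),
        # Regional path-style endpoint.
        ("https://s3-us-west-2.amazonaws.com/your.domain.com/some/asset", S3_REGION_SANS),
        # CNAME pointing at S3: S3 still presents its own certificate.
        ("https://images-furniture.retailcatalog.us/products/2061/6262u9665.jpg", S3_ENDPOINT_SANS),
    ]
    for url, sans in cases:
        print("OK      " if https_name_ok(url, sans) else "MISMATCH", url)
```
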
Solution 4 - Amazon Web-Services
As previously stated, it's not directly possible, but you can set up Apache or nginx + SSL on an EC2 instance, CNAME your desired domain to that, and reverse-proxy to the (non-custom domain) S3 URLs.