SSL Termination at CloudFront, reverse proxy to ELB

Asked Oct 27 '18 at 02:30

Active Oct 27 '18 at 02:36

Viewed 768 times

I'm attempting to terminate SSL at CF, and send http to ELB.

When I changed the Origin Protocol Policy to HTTP Only, when I make an https request, it is returning a ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

What are the proper settings for the Cloudfront distribution to perform SSL termination at CF, and forward to the ELB?

My current settings are:

Origin Domain Name: a-xxxxxx.us-east-1.elb.amazonaws.com

Origin Protocol Policy: http-only

When I had match-viewer, http was working, and of course https was not. I'm intentionally am not trying to have the same cert in 2 places, and want to terminate at CF like so:

https -> CF -> http -> ELB

edited Oct 27 '18 at 02:36

asked Oct 27 '18 at 02:30

pyramation

1,631
4
22
35

possibly related: https://stackoverflow.com/a/52157174/549372 – Martin Zeitler Oct 27 '18 at 02:34
1

It doesn't sound like you have pointed a domain name at CloudFront but you didn't set the Alternate Domain Name for the distribution to that hostname. – Michael - sqlbot Oct 27 '18 at 16:46
yep! Michael you are right. Thank you. I thought for some reason that alias would be for additional names. This was the fix! – pyramation Oct 27 '18 at 22:19

SSL Termination at CloudFront, reverse proxy to ELB

0 Answers0