0

We have a domain on Amazon cloudfront for CDN and we are using our own subdomain and https certificate to access some images, like this: https://aws.somedomain.com/images/image1.jpg We have a different server used for the same purpose: https://private.somedomain.com/images/image1.jpg Everything works fine.

Now we want to use a Global Traffic Director setting from Constellix in order to direct traffic from USA to aws.somedomain.com and traffic from Europe to private.somedomain.com We setup a CNAME entry on Constellix which seems to be working fine. For Europe, traffic is delivered from our private server. For USA the traffic is directed correctly but the certificate seems to have some issues. In Firefox we get: SSL_ERROR_NO_CYPHER_OVERLAP, so something is messed up somewhere.

Here is a diagram on how we see the things:enter image description here

Adi Fatol
  • 956
  • 15
  • 24
  • 1
    Could you refer this please:https://stackoverflow.com/questions/42844989/cloudfront-distribution-and-aws-issued-certificate-gives-ssl-error-no-cypher-ove – sudo Sep 06 '17 at 17:30
  • This was a good resource, it was a different problem though (CNAME was already set on aws in our situation). But it gave us some good ideas on what to try different so we managed to find the solution. Thank you! – Adi Fatol Sep 07 '17 at 10:54

1 Answers1

0

It seems that it works if the image.somedomain.com has the same name as aws.somedomain.com so we replaced this on Cloudfront: image.somedomain.com is used on amazon in the Alternate Domain Names (CNAMEs) field

now we have:

                                      (   aws Cloudfront   )
                         image.somedomain.com -- xyz.cloudfront.com
                       /
                    US,other
image.somedomain.com /
   (constellix)      \
                    Europe
                       \
                         private.somedomain.com
                                       (   private cloud   )
Adi Fatol
  • 956
  • 15
  • 24