0

I have my Java software hosted on AWS EC2. Its public IP only allows me an HTTP connection. What is needed to make an HTTPS connection?

  • Some questions: 1) do you use an api gateway? 2) do you have a certificate? – Stefan Jul 16 '19 at 23:42
  • "public IP only allows me for http connection" meaning what exactly? What happens when you attempt an HTTPS connection? – Adrian Jul 16 '19 at 23:45
  • @Adrian, I meant that the default IP/dynamic IP given by AWS to access my application doesn't come with HTTPS, and when I try accessing it with https, it just shows "This site can’t provide a secure connection". I assume there are some new ports to be activated for this on the AWS side – Sahil Pasricha Jul 22 '19 at 20:33
  • An IP address doesn't provide HTTPS; it has nothing to do with HTTPS. You need a valid certificate, and you need port 443 (HTTPS) open to your endpoint. I'd strongly recommend doing some quick web searches to learn the basics of what HTTPS is and how it works. – Adrian Jul 23 '19 at 13:16

1 Answer

3

This answer mentions three options for enabling EC2 to serve HTTPS.

These are the steps to have EC2 serve HTTPS using an EC2 Load Balancer (option number one):

  1. Go to AWS Console - Certificate Manager - Request a certificate - Request a public certificate. Here you need to specify a domain name that you control. If you have an existing certificate, you can upload it and use it.

  2. After the certificate status is Issued, go to AWS Console - EC2 - Load Balancers. Create a new Load Balancer and select Classic LB or Application LB.

    • On Step 1: Configure Load Balancer, you specify a listener: protocol = HTTPS.

    • On Step 2: Configure Security Settings, you select "Certificate type" = "Choose a certificate from ACM". On "Certificate name" you select the certificate issued on step #1 above.

    • On Step 3: Configure Security Groups, you select "Create a new security group". Select Type = HTTPS, Source = Anywhere.

    • On Step 4: Configure Routing, select "Target type" = "Instance", protocol = HTTP.

    • On Step 5: Register Targets, check your instance, add to registered target.

    • On Step 6: Review, verify everything, then create. I skipped trivial fields; for other fields you can leave the default values.

  3. Back in AWS Console - EC2 - Load Balancers, select the new load balancer. After the state is active, get the DNS name from Basic Configuration and try accessing it over HTTPS. If it's up, you can start to redirect your domain to this load balancer. Notice that this load balancer is of DNS type, so you register it as a CNAME record.

Donnie
  • Thanks for the answer, it was really of much help. I managed to reach the last point but still can't access using https. Though I got the DNS (LB-HTTPS-1827646526.us-east-2.elb.amazonaws.com), it is not working. – Sahil Pasricha Jul 27 '19 at 21:58
  • I can access https://LB-HTTPS-1827646526.us-east-2.elb.amazonaws.com/ but the SSL cert is invalid, and a 503 error page is displayed. This means the ELB is up but unable to forward the request to the HTTP daemon. Check the ELB HTTPS target; it should be your EC2 port 80. Secondly, you might want to use an Amazon-signed certificate (free). – Donnie Jul 31 '19 at 09:14
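
The console steps from the answer as AWS CLI calls for an Application Load Balancer, added here as an example that is not part of the original answer or its comments. The resource names (`https-lb`, `https-lb-sg`, `https-lb-targets`) and the extra rule on the instance's security group are assumptions; the `target_health` helper covers the 503 case raised in the last comment.

```shell
#!/usr/bin/env bash
# Added example: resource names below are placeholders, not from the answer.
set -eu

# usage: provision_https_alb DOMAIN VPC_ID "SUBNET_A SUBNET_B" INSTANCE_ID INSTANCE_SG
provision_https_alb() {
  domain=$1 vpc=$2 subnets=$3 instance=$4 instance_sg=$5

  # Step 1: request a public certificate. The wait returns once the DNS
  # validation record that ACM asks for exists and the status is Issued.
  cert_arn=$(aws acm request-certificate --domain-name "$domain" \
    --validation-method DNS --query CertificateArn --output text)
  aws acm wait certificate-validated --certificate-arn "$cert_arn"

  # Step 2, security group: HTTPS from anywhere to the load balancer.
  lb_sg=$(aws ec2 create-security-group --group-name https-lb-sg \
    --description "HTTPS to load balancer" --vpc-id "$vpc" \
    --query GroupId --output text)
  aws ec2 authorize-security-group-ingress --group-id "$lb_sg" \
    --protocol tcp --port 443 --cidr 0.0.0.0/0 >/dev/null
  # Assumption, not in the answer: the instance accepts port 80 from the LB's
  # group only, so the plain-HTTP hop is not reachable from the internet.
  aws ec2 authorize-security-group-ingress --group-id "$instance_sg" \
    --protocol tcp --port 80 --source-group "$lb_sg" >/dev/null

  # Step 2, routing and targets ($subnets is unquoted on purpose: an ALB
  # needs at least two subnets in different Availability Zones).
  lb_arn=$(aws elbv2 create-load-balancer --name https-lb --type application \
    --subnets $subnets --security-groups "$lb_sg" \
    --query 'LoadBalancers[0].LoadBalancerArn' --output text)
  tg_arn=$(aws elbv2 create-target-group --name https-lb-targets \
    --protocol HTTP --port 80 --vpc-id "$vpc" --target-type instance \
    --query 'TargetGroups[0].TargetGroupArn' --output text)
  aws elbv2 register-targets --target-group-arn "$tg_arn" \
    --targets "Id=$instance" >/dev/null

  # Step 2, listener: HTTPS on 443 with the ACM certificate.
  aws elbv2 create-listener --load-balancer-arn "$lb_arn" --protocol HTTPS \
    --port 443 --certificates "CertificateArn=$cert_arn" \
    --default-actions "Type=forward,TargetGroupArn=$tg_arn" >/dev/null

  # Step 3: print the DNS name that the domain's CNAME record should point to.
  aws elbv2 describe-load-balancers --load-balancer-arns "$lb_arn" \
    --query 'LoadBalancers[0].DNSName' --output text
}

# For a 503 from the load balancer: are targets registered and healthy?
target_health() {  # $1 = target group ARN
  aws elbv2 describe-target-health --target-group-arn "$1" \
    --query 'TargetHealthDescriptions[].TargetHealth.State' --output text
}
```

Browsing the load balancer's own `elb.amazonaws.com` name still produces a certificate name warning, because the ACM certificate is issued for your domain; test through the domain once the CNAME record exists.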