SSL common name invalid


Lukas KUCHTA

Dec 15, 2023, 10:19:48 AM
to dot...@googlegroups.com
Hello, I'm trying to solve an "untrusted issue". I have an Amazon ecs2 instance with docker compose and dotCMS running inside. I don't have any domain name yet.

I'm getting an error: the server could not prove that it is PUBLIC IP; its security certificate is from .local.dotcms.site. It makes sense.

How can I solve this issue? Do I need a domain name, or is there any other option? I need to test SSL communication with a valid cert against my own instance. Am I able to figure it out on the docker image side or the ecs2 instance?

Thanks for the advice






Will Ezell

Dec 15, 2023, 11:45:08 AM
to dot...@googlegroups.com
The easiest way to do this is to add an ALB (Load Balancer) that holds the cert for you and point its target to the dotCMS ec2 instance. You could also run an nginx docker container in your docker-compose that uses letsencrypt and proxy that to your dotcms container (this is less secure). Here is a docker compose that shows how this can work. You need to make sure that your DNS resolves to the SERVERNAME and any EXTRANAMES you provide in order to generate a valid cert.




docker-compose.yml

Lukas KUCHTA

Dec 16, 2023, 3:01:53 AM
to dot...@googlegroups.com
Thanks,
if I understand correctly, with both solutions (LB or nginx-ssl-proxy) I will still need a custom domain name and a certificate for this domain, won't I?



Will Ezell

Dec 18, 2023, 9:21:46 AM
to dot...@googlegroups.com
If you don't want a custom domain, you can use the ALB load balancer name which comes with https, which is long and generally unguessable. 

Lukas KUCHTA

Dec 18, 2023, 11:17:12 AM
to dot...@googlegroups.com
SSL for the ALB-generated name is not possible. https://stackoverflow.com/questions/68567684/why-does-awss-application-load-balancer-require-a-custom-domain-when-using-http

But I solved the issue with a custom domain name and a certificate for it. Custom domain + ALB + EC2 and docker compose.

Thanks Will, I appreciate your help!
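
The name check behind the error discussed in this thread, as an added example that is not part of the original posts or of dotCMS: a TLS client compares the host it connected to against the certificate's subject alternative names, so a bare public IP never matches a certificate issued for DNS names. The SAN value `*.local.dotcms.site`, the IP `203.0.113.10`, the name `cms.example.test` and all function names are assumptions made for illustration.

```python
import ipaddress

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    # RFC 6125-style rule: "*" is honoured only as the entire left-most
    # label and stands for exactly one label.
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(host, dns_sans, ip_sans=()):
    """True if a TLS client connecting to `host` would accept these SAN entries."""
    if is_ip_literal(host):
        # An IP literal is compared only with iPAddress SAN entries,
        # never with DNS names or wildcards.
        target = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(ip) == target for ip in ip_sans)
    return any(dns_name_matches(p, host) for p in dns_sans)

# Constructed sample data (assumptions, not taken from a real certificate).
DEFAULT_CERT_DNS = ["*.local.dotcms.site"]
CUSTOM_CERT_DNS = ["cms.example.test"]
PUBLIC_IP = "203.0.113.10"

def demo():
    return {
        "ip_vs_default": cert_covers(PUBLIC_IP, DEFAULT_CERT_DNS),
        "name_vs_default": cert_covers("demo.local.dotcms.site", DEFAULT_CERT_DNS),
        "nested_vs_default": cert_covers("a.b.local.dotcms.site", DEFAULT_CERT_DNS),
        "custom_domain": cert_covers("cms.example.test", CUSTOM_CERT_DNS),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'name mismatch'}")
```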
