SSL common name invalid

[Lukas KUCHTA]

Hello, i'm trying to solve an "untrusted issue". I have Amazon ecs2 instance with docker compose and dotCMS running inside. I don't have any domain name yet.

I'm getting an error - server could not prove that it is PUBLIC IP it's security certificate  is from .local.dotcms.site. It's make a sence.

How can I solve this issue? Do I need domain name or is there any other option? I need to test a ssl communication with valid cert against my own instance. Am I able to figure out on the docker image side or ecs2 instance?

Thanks for advice

[Will Ezell]

The easiest way to do this is to add an ALB (Load Balancer) that holds the cert for you and point its target to the dotCMS ec2 instance.  You could also run an nginx docker container in your docker-compose that uses letsencrypt and proxy that to your dotcms container (this is less secure).  Here is a docker compose that shows how this can work.  You need to make sure that your DNS resolves to the  SERVERNAME and any EXTRANAMES you provide in order to generate a valid cert.

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dotcms+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/CAF8cs-igD3S1XKWzERD_rROnw_h5SEWuQSP%3Dmd%3DX%3DyS89%3Dy%3DTQ%40mail.gmail.com.

--

382 NE 191st St #92150

Miami, Florida 33179-3899

Main: 305-900-2001 | Direct: 978.294.9429

wi...@dotcms.com | dotcms.com

[Lukas KUCHTA]

Thanks , 

if I understand correctly the both solutions LB or nginx-ssl-proxy i will still need a custom domain name and certificate for this domain isn't it ? 

pá 15. 12. 2023 v 17:45 odesílatel 'Will Ezell' via dotCMS User Group <dot...@googlegroups.com> napsal:

To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/CAPL0VyH1hexw%3Db25M1BmFgAS43oVV6LGsa299tsMB-YtbxH67Q%40mail.gmail.com.

[Will Ezell]

If you don't want a custom domain, you can use the ALB load balancer name which comes with https, which is long and generally unguessable. 

To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/CAF8cs-i8BJ6g6yDz%2Bex99cw7Y2amAEyy-4p_KK6sBr1x5N14Sw%40mail.gmail.com.

[Lukas KUCHTA]

Ssl for ALB generated name is not possible. https://stackoverflow.com/questions/68567684/why-does-awss-application-load-balancer-require-a-custom-domain-when-using-http

But I solved the issue with a custom domain name and certificate for it.  Custom domain  + ALB + EC2 and docker compose. 

Thanks Will I appreciate your help!

po 18. 12. 2023 v 15:21 odesílatel 'Will Ezell' via dotCMS User Group <dot...@googlegroups.com> napsal:

To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/CAPL0VyHRfaAQwz-7wFCAYFPBeoviBzK2tnV9KvBF6iqCmv778Q%40mail.gmail.com.