Virtual hosted URL access to S3 buckets

Question:

Some tools use virtual hosted style URLs to access the bucket, and we noticed that the SSL server is not configured correctly for virtual hosted style URLs.

Example: inbox.acme.cloud.caringo.com

Answer:

SSL wildcard certificates support only one level of domain name: the * stands for a single DNS label and never spans a dot. Our *.cloud.caringo.com certificate therefore matches only the domain level (acme.cloud.caringo.com), not the bucket level (inbox.acme.cloud.caringo.com).

We would have to create certificates for each domain (or list all domains as SANs on a single certificate). This generally is not feasible, as we add domains all the time. On a small scale you could certainly list certain domains in your cert and they would work. Amazon S3 has the same issue, and there are multiple front-end services that provide personal certificates to get around it.

AWS S3 defines its 10 domains (regions) and has a wildcard certificate for each region to cover all the buckets. They tell you that if you are going to use virtual hosting of buckets, where you use your own domain name instead of their region, you must use a cloud load balancer and install your own SSL certificate there.
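The single-label wildcard rule and the SAN workaround described above can be checked with a short script. This is an added example, not DataCore code: the function names are hypothetical, the matcher is a simplified form of the usual TLS hostname check, and listing a domain as a *.<domain> SAN entry is this example's assumption about how a domain would be added to the certificate.

```python
# Added example: simplified TLS hostname matching against certificate SANs.
# Only a wildcard that is the entire leftmost label is honoured.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one SAN entry covers the hostname.

    The wildcard stands for exactly one DNS label, so the pattern and the
    hostname must have the same number of labels.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Leftmost label may be anything non-empty; the rest must be equal.
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_hosts(sans, hostnames):
    """Hostnames that no SAN entry on the certificate covers."""
    return [h for h in hostnames
            if not any(san_matches(s, h) for s in sans)]


def sans_for_domains(base_wildcard, domains):
    """SAN list for the small-scale workaround: the existing wildcard plus
    one wildcard per storage domain (assumed form: *.<domain>)."""
    return [base_wildcard] + [f"*.{d}" for d in sorted(set(domains))]


# Hostnames taken from the article: a domain-level and a bucket-level name.
HOSTS = ["acme.cloud.caringo.com", "inbox.acme.cloud.caringo.com"]

if __name__ == "__main__":
    current = ["*.cloud.caringo.com"]
    print("not covered today:", uncovered_hosts(current, HOSTS))
    extended = sans_for_domains("*.cloud.caringo.com",
                                ["acme.cloud.caringo.com"])
    print("SANs needed:", extended)
    print("not covered after:", uncovered_hosts(extended, HOSTS))
```

Every new storage domain adds another SAN entry and forces the certificate to be reissued, which is why the answer calls this approach workable only on a small scale.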


© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.