The problem is that your AWS desktop (either the OS as a whole or the browser you're using on it specifically) doesn't trust the certificate. Please feel free to write this up as an answer and I'll select it. The trust change was: CN= O=cool org OU=AcmeĬN=Acme CA 1 O=IT OU=Acme <<< Trusted on EC2 not trusted on AWS Desktop I didn't track down why but instead copied the CA cert from the working browser (EC2) to the AWS Desktop browser and the problem went away. When I checked the browser's on my AWS Desktop, I found that the CA store did have the internal CA certs needed, but the Anchor (top level) Root CA was not trusted. This comment resulted in me finding the answer. Note that the browser uses its own root CA store, so you need to check what root CA are installed in the specific browser instance you are using. The page shows this warning page (I clicked on Show advanced, as requested in the comment). I can't share the exact cert with you for company privacy reasons. If I click to view the certificate, there is nothing highlighted in the certificate to indicate what the browser doesn't like (but I'm not sure what if anything I would see). It says Not Secure next to the URL, and the string https of the URL is in red and has a red strikethrough on it. Please provide the exact error message you get, including the advanced details offered. "the browser says the certificate is not trusted" - what exactly does the browser say. Answers to comments What exactly does the browser Ullrich commented: Searching for this answer is difficult because of the complexity of the setup. My question is why is the certificate not trusted when going through the ssh tunnel? When I do this, the chromium browser running on my AWS Desktop complains that the certificate is not trusted (even though it is the same certificate as served in the 1st example which is trusted). So when I open my browser on my AWS Desktop host, I can hit the apps that are running on my EC2 instance. And also sets up ssh tunnels for ports 80. The above configuration allows me to open X windows apps on my EC2 instance and have them displayed on my AWS Linux Desktop. I have configured ssh tunnels and X Forwarding in my $HOME/.ssh/config file as follows: Host dev The diagram looks like this: AWS Desktop => ssh tunnel (on port 8443) => EC2 Instance () Next, however, the browser says the certificate is not trusted, and I don't know why. The chromium-browser running on my EC2 instance uses URL to connect to MyApp:8443 via localhost and it all works and the browser says the certificate is trusted. The diagram looks like this: AWS Desktop => ssh (with X Forwarding) => EC2 Instance () I'm first logged into an AWS Linux Desktop, and then I ssh to my EC2 instance and have X forwarding enabled (which allows me to open chrome on my EC2 instance and have it displayed on my AWS Desktop). In the above case, I'm actually running on an EC2 instance. I can also use my FQDN name of and the browser also shows the certificate as trusted. When I'm on my development box (i.e, ) and open my local browser to the browser shows the certificate as trusted (as I expected it would). NOTE: The companies CA certs are loaded in my browser so all certs signed by this Certificate Authority are trusted in the browser. The relevant details are: Subject: CN= O=cool org OU=Acme The CN is the FQDN of my development box, but I've also added subjectAlternative names that include localhost so even when I'm using localhost the cert is trusted. I've created a developer cert with my companies CA for my development box.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |