ECS with ALB and SSL certificate issue: net::ERR_CERT_COMMON_NAME_INVALID











up vote
0
down vote

favorite












I have an aws ECS setup and using ALB for the load balancer. The container task is running on port 8080. I have also added an HTTPS listener with SSL Certificate from ACM, which forwards the requests to the container.



Now I have one issue here. When using curl or postman to contact the load balancer's DNS name, I get the response from the app perfectly. But when using the very same DNS name in my frontend and running in frontend app locally (localhost:3000), and the request is generated from Chrome I get the following error:
net::ERR_CERT_COMMON_NAME_INVALID



How can I resolve this issue?



I also tried deploying the app to my test env, so instead of localhost, I have https://example.com which now matches the Domain name of the Certificate (*.example.com). But still same results.






amazon-web-services google-chrome docker amazon-ecs aws-alb







share|improve this question






















  • Can you post the complete output of curl -vvv "URL" here?
    – Mohit Kumar
    Nov 8 at 20:22










  • I get this now: curl: (35) schannel: SNI or certificate check failed: SEC_E_WRONG_PRINCIPAL (0x80090322) - The target principal name is incorrect.
    – shwz
    Nov 9 at 8:51

















up vote
0
down vote

favorite












I have an aws ECS setup and using ALB for the load balancer. The container task is running on port 8080. I have also added an HTTPS listener with SSL Certificate from ACM, which forwards the requests to the container.



Now I have one issue here. When using curl or postman to contact the load balancer's DNS name, I get the response from the app perfectly. But when using the very same DNS name in my frontend and running in frontend app locally (localhost:3000), and the request is generated from Chrome I get the following error:
net::ERR_CERT_COMMON_NAME_INVALID



How can I resolve this issue?



I also tried deploying the app to my test env, so instead of localhost, I have https://example.com which now matches the Domain name of the Certificate (*.example.com). But still same results.






amazon-web-services google-chrome docker amazon-ecs aws-alb







share|improve this question






















  • Can you post the complete output of curl -vvv "URL" here?
    – Mohit Kumar
    Nov 8 at 20:22










  • I get this now: curl: (35) schannel: SNI or certificate check failed: SEC_E_WRONG_PRINCIPAL (0x80090322) - The target principal name is incorrect.
    – shwz
    Nov 9 at 8:51















up vote
0
down vote

favorite









up vote
0
down vote

favorite











I have an aws ECS setup and using ALB for the load balancer. The container task is running on port 8080. I have also added an HTTPS listener with SSL Certificate from ACM, which forwards the requests to the container.



Now I have one issue here. When using curl or postman to contact the load balancer's DNS name, I get the response from the app perfectly. But when using the very same DNS name in my frontend and running in frontend app locally (localhost:3000), and the request is generated from Chrome I get the following error:
net::ERR_CERT_COMMON_NAME_INVALID



How can I resolve this issue?



I also tried deploying the app to my test env, so instead of localhost, I have https://example.com which now matches the Domain name of the Certificate (*.example.com). But still same results.






amazon-web-services google-chrome docker amazon-ecs aws-alb







share|improve this question













I have an aws ECS setup and using ALB for the load balancer. The container task is running on port 8080. I have also added an HTTPS listener with SSL Certificate from ACM, which forwards the requests to the container.



Now I have one issue here. When using curl or postman to contact the load balancer's DNS name, I get the response from the app perfectly. But when using the very same DNS name in my frontend and running in frontend app locally (localhost:3000), and the request is generated from Chrome I get the following error:
net::ERR_CERT_COMMON_NAME_INVALID



How can I resolve this issue?



I also tried deploying the app to my test env, so instead of localhost, I have https://example.com which now matches the Domain name of the Certificate (*.example.com). But still same results.






amazon-web-services google-chrome docker amazon-ecs aws-alb




amazon-web-services google-chrome docker amazon-ecs aws-alb






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 8 at 11:03









shwz

7111




7111












  • Can you post the complete output of curl -vvv "URL" here?
    – Mohit Kumar
    Nov 8 at 20:22










  • I get this now: curl: (35) schannel: SNI or certificate check failed: SEC_E_WRONG_PRINCIPAL (0x80090322) - The target principal name is incorrect.
    – shwz
    Nov 9 at 8:51




















  • Can you post the complete output of curl -vvv "URL" here?
    – Mohit Kumar
    Nov 8 at 20:22










  • I get this now: curl: (35) schannel: SNI or certificate check failed: SEC_E_WRONG_PRINCIPAL (0x80090322) - The target principal name is incorrect.
    – shwz
    Nov 9 at 8:51


















Can you post the complete output of curl -vvv "URL" here?
– Mohit Kumar
Nov 8 at 20:22




Can you post the complete output of curl -vvv "URL" here?
– Mohit Kumar
Nov 8 at 20:22












I get this now: curl: (35) schannel: SNI or certificate check failed: SEC_E_WRONG_PRINCIPAL (0x80090322) - The target principal name is incorrect.
– shwz
Nov 9 at 8:51






I get this now: curl: (35) schannel: SNI or certificate check failed: SEC_E_WRONG_PRINCIPAL (0x80090322) - The target principal name is incorrect.
– shwz
Nov 9 at 8:51



















active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














 

draft saved


draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53206421%2fecs-with-alb-and-ssl-certificate-issue-neterr-cert-common-name-invalid%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown






























active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes
















 

draft saved


draft discarded



















































 


draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53206421%2fecs-with-alb-and-ssl-certificate-issue-neterr-cert-common-name-invalid%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Schultheiß

Image
Der Titel dieses Artikels ist mehrdeutig. Weitere Bedeutungen sind unter Schultheiß (Begriffsklärung) aufgeführt. Ein Schultheiß. Holzschnitt von Peter Flötner (16. Jahrhundert) Der Schultheiß oder Schuldheiß (von althochdeutsch  sculdheizo ‚Leistung Befehlender‘, vgl. mittelniederdeutsch  schult(h)ēte , latinisiert (mittellat.) sculte(t)us , schwäbisch heute noch Schultes für „Bürgermeister“) bezeichnet einen in vielen westgermanischen Rechtsordnungen vorgesehenen Beamten, der Schuld heischt : Er hatte im Auftrag seines Herren (Landesherrn, Stadtherrn, Grundherrn) die Mitglieder einer Gemeinde zur Leistung ihrer Schuldigkeit anzuhalten, also Abgaben einzuziehen oder für das Beachten anderer Verpflichtungen Sorge zu tragen. Sprachliche Varianten des Schultheißen sind Schulte , Schultes oder Schulze . Früher wurde zwischen dem Stadtschulzen und dem Dorfschulzen unterschieden. In der städtischen Gerichts- und Gemeindeverfassung war er ein vom städtischen Rat oder vom L
Read more

Liste der Kulturdenkmale in Wilsdruff

Image
Wappen von Wilsdruff Die Liste der Kulturdenkmale in Wilsdruff enthält die Kulturdenkmale in Wilsdruff. Die Anmerkungen sind zu beachten. Diese Liste ist eine Teilliste der Liste der Kulturdenkmale im Landkreis Sächsische Schweiz-Osterzgebirge. Diese Liste ist eine Teilliste der Liste der Kulturdenkmale in Sachsen. Inhaltsverzeichnis 1 Legende 2 Wilsdruff 3 Birkenhain 4 Blankenstein 5 Braunsdorf 6 Grumbach 7 Grund 8 Helbigsdorf 9 Herzogswalde 10 Kaufbach 11 Kesselsdorf 12 Kleinopitz 13 Limbach 14 Mohorn 15 Oberhermsdorf 16 Anmerkungen 17 Ausführliche Denkmaltexte 18 Quellen 19 Weblinks Legende | Bild: zeigt ein Bild des Kulturdenkmals und gegebenenfalls einen Link zu weiteren Fotos des Kulturdenkmals Bezeichnung: Name, Bezeichnung oder die Art des Kulturdenkmals Lage: Straßenname und wenn vorhanden Hausnummer des Kulturdenkmals; Grundsortierung der Liste erfolgt nach dieser A
Read more

Android Play Services Check

Image
up vote 0 down vote favorite Im facing a problem currently im making my app to run on t.v its working fine on mobiles. but the issue is if i run my app on t.v emulator splash screen appears then the app crashes log shows this error. No acceptable module found. Local version is 0 and remote version is 0 i googled this error and came with a solution that my emulator should have latest google play services installed in it.. but in my t.v emulator there is no play store so i cant update my play services to latest version. so is there any way to make a check that if play services version is less then this so run the app instead of crashing, and if the play services version is latest also run the aap... here is my code where im getting the play services version.. int playServicesAvailable = GoogleApiAvailability.g
Read more