Is using CloudFront default certificate safe?

Question

I am serving a website using S3 and CloudFront (migrating from DigitalOcean to AWS). I want to add a custom domain which is in Namecheap, and the name servers aren't connected yet. Since we are using Terraform, no manual steps will be taken.
ACM is failing to issue certificates for that domain name. My guess is that although the 'hosted zone' is in Route 53, as it is not connected (due to name servers) it is unable to issue a certificate.
But I have to deploy the project. CloudFront does provide a default certificate; I can easily connect it to Route 53 and call it a day for now. My plan is to change it later once all the name servers are connected on Namecheap.
My question is, is it safe to proceed with the CloudFront default certificate?

Please note: An application is already being served from DigitalOcean and we do not want to hamper customer experience while migrating. I am using Terraform here, so we can apply a custom SSL cert anytime later.

Answer 1

Score: 1

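Yes, it is safe to use the default certificate for HTTPS traffic, but keep in mind that the default CloudFront certificate is only valid for the domain *.cloudfront.net, so the distribution could not have a custom domain.

To keep the same experience, you must wait to get a valid certificate from ACM. An alternative is to validate the certificate manually by adding the DNS records to the current DNS provider or validate via email.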

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-revert-to-cf-certificate.html

huangapple
  • Posted on June 9, 2023, 10:18:53
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76436786.html
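
The two phases the answer describes, as an added Terraform example that is not part of the original post: with `use_custom_domain = false` the distribution serves on its `*.cloudfront.net` name with the default certificate and no aliases, and once the ACM validation records exist at the current DNS provider, setting it to `true` attaches the issued certificate. The domain `www.example.com`, the bucket name, the variable name and a default provider region of `us-east-1` are assumptions.

```hcl
# Assumes the default AWS provider region is us-east-1; CloudFront only accepts
# ACM certificates from that region.
variable "use_custom_domain" {
  type    = bool
  default = false # false = default *.cloudfront.net certificate, no aliases
}

resource "aws_acm_certificate" "site" {
  domain_name       = "www.example.com" # placeholder domain
  validation_method = "DNS"
}

# CNAME records to create at the current DNS provider so ACM can validate
output "acm_validation_records" {
  value = aws_acm_certificate.site.domain_validation_options
}

# Phase 2 only: blocks until ACM reports the certificate as issued
resource "aws_acm_certificate_validation" "site" {
  count           = var.use_custom_domain ? 1 : 0
  certificate_arn = aws_acm_certificate.site.arn
}

resource "aws_cloudfront_distribution" "site" {
  enabled = true
  aliases = var.use_custom_domain ? ["www.example.com"] : []
  origin {
    domain_name = "example-bucket.s3.amazonaws.com" # placeholder bucket
    origin_id   = "s3-site"
  }
  default_cache_behavior {
    target_origin_id       = "s3-site"
    viewer_protocol_policy = "redirect-to-https"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    forwarded_values {
      query_string = false
      cookies { forward = "none" }
    }
  }
  restrictions {
    geo_restriction { restriction_type = "none" }
  }
  viewer_certificate {
    # null (not false) keeps the unused attribute unset, so the two never conflict
    cloudfront_default_certificate = var.use_custom_domain ? null : true
    acm_certificate_arn            = one(aws_acm_certificate_validation.site[*].certificate_arn)
    ssl_support_method             = var.use_custom_domain ? "sni-only" : null
    minimum_protocol_version       = var.use_custom_domain ? "TLSv1.2_2021" : "TLSv1"
  }
}
```

With the default certificate CloudFront only accepts `TLSv1` as the minimum protocol version, so the stricter TLS policy takes effect only after the switch to the ACM certificate.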