Note that, as far as the wildcard certificate is concerned, most (many? all?) browsers expect the wildcard subdomain to be a single word (e.g. "foo") and not a string of words separated by dots (e.g. "foo.example.com"), which is a common naming pattern for S3 buckets.
Remember also that the following three forms of bucket addressing all refer to the same resource:
[BUCKET AS CNAME ALIAS]/[KEY](ie.
[BUCKET AS CNAME ALIAS]is an alias for
For example, these are all equivalent:
This means that if you want to provide SSL access to a resource, only one of those URLs is going to work without triggering a browser warning about the certificate (i.e. the one beginning with
So you have two options here:
- Either always use the working URL of the form
- Set up a bucket name that is a single word without any periods
The latter option may be trickier as the bucket name may already be taken.
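An added example (not code from the original post) of the single-label wildcard rule described above, applied to bucket names placed in front of the S3 endpoint. The `*.s3.amazonaws.com` certificate pattern and the function names are assumptions; the bucket names "wincent" and "s3.wincent.com" are the ones this page uses.

```python
# Added example: single-label wildcard matching, the rule browsers apply
# when comparing a hostname with a wildcard certificate name.
S3_ENDPOINT = "s3.amazonaws.com"       # endpoint host named on this page
WILDCARD_CERT = "*." + S3_ENDPOINT     # assumed certificate name pattern


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if hostname is covered by pattern.

    A leading "*" stands for exactly one DNS label: it never spans
    several labels joined by dots and never matches an empty label.
    Only a whole-label wildcard in the leftmost position is handled.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False                   # "*" cannot absorb extra labels
    if any(not label for label in h_labels):
        return False                   # empty label, e.g. "a..b"
    if p_labels[0] == "*":
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def virtual_hosted_host(bucket: str) -> str:
    """Host produced when the bucket name is put in front of the endpoint."""
    return f"{bucket}.{S3_ENDPOINT}"


def https_safe(bucket: str) -> bool:
    """True if the bucket's host is covered by the wildcard certificate."""
    return wildcard_matches(WILDCARD_CERT, virtual_hosted_host(bucket))


if __name__ == "__main__":
    # Bucket names taken from this page: one single word, one with periods.
    for bucket in ("wincent", "s3.wincent.com"):
        host = virtual_hosted_host(bucket)
        verdict = "matches" if https_safe(bucket) else "certificate warning"
        print(f"{host:40} {verdict}")
```
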
For HTTPS requests I have a different bucket set up, "wincent", which means I can use URLs of the form
https://wincent.s3.amazonaws.com/[KEY], or of course,
I can also issue requests for items in the "s3.wincent.com" bucket over HTTPS using URLs of the form