HTTPS access to Amazon S3 buckets
Amazon S3 maintains SSL certificates for:
- s3.amazonaws.com
- *.s3.amazonaws.com

Note that as far as the wildcard certificate is concerned, most (many? all?) browsers expect the wildcard subdomain to be a single word (e.g. "foo") and not a string of words separated by dots (e.g. "foo.example.com"), which is a common naming pattern for S3 buckets.
Remember also that the following three forms of bucket addressing all refer to the same resource:
- s3.amazonaws.com/[BUCKET]/[KEY]
- [BUCKET].s3.amazonaws.com/[KEY]
- [BUCKET AS CNAME ALIAS]/[KEY] (i.e. [BUCKET AS CNAME ALIAS] is an alias for [BUCKET].s3.amazonaws.com)
For example, these are all equivalent:
- s3.amazonaws.com/my.fancy.s3.alias.example.com/foo/bar.gz
- my.fancy.s3.alias.example.com.s3.amazonaws.com/foo/bar.gz
- my.fancy.s3.alias.example.com/foo/bar.gz

This means that if you want to provide SSL access to a resource, only one of those URLs is going to work without triggering a browser warning about the certificate (i.e. the one beginning with s3.amazonaws.com).
So you have two options here:
- Either always use the working URL of the form https://s3.amazonaws.com/[BUCKET]/[KEY]
- Set up a bucket name that is a single word without any periods
The latter option may be trickier as the bucket name may already be taken.
In my case I had (something like) s3.example.com set up as a CNAME alias for s3.example.com.s3.amazonaws.com, and this works fine for HTTP requests using URLs of the form http://s3.example.com/[KEY].
For HTTPS requests I have a different bucket set up, "wincent", which means I can use URLs of the form https://wincent.s3.amazonaws.com/[KEY], or of course, https://s3.amazonaws.com/wincent/[KEY].
I can also issue requests for items in the s3.example.com bucket over HTTPS using URLs of the form https://s3.amazonaws.com/s3.example.com/[KEY].
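
The certificate matching described above, as an added example that is not part of the original page: it takes the two certificate names listed at the top, applies the rule that a wildcard stands for exactly one name component, and returns the HTTPS URL forms that would not trigger a warning. The function names and the sample key are assumptions made for illustration.

```python
# Added example: which S3 URL forms pass the certificate hostname check.
# CERT_NAMES are the two certificate names listed on this page.
S3_ENDPOINT = "s3.amazonaws.com"
CERT_NAMES = ["s3.amazonaws.com", "*.s3.amazonaws.com"]


def cert_name_matches(pattern, hostname):
    """Match one certificate name against a hostname.

    A leading "*" stands for exactly one dot-separated component, so it
    never matches a hostname with extra dots in that position.
    """
    p_labels = pattern.lower().split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # The wildcard must cover a non-empty component.
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def host_is_covered(hostname):
    """True if any certificate name matches the hostname."""
    return any(cert_name_matches(name, hostname) for name in CERT_NAMES)


def https_urls(bucket, key):
    """Return the HTTPS URL forms for bucket/key whose host the certificate covers."""
    candidates = [
        (S3_ENDPOINT, f"/{bucket}/{key}"),       # s3.amazonaws.com/[BUCKET]/[KEY]
        (f"{bucket}.{S3_ENDPOINT}", f"/{key}"),  # [BUCKET].s3.amazonaws.com/[KEY]
        (bucket, f"/{key}"),                     # [BUCKET AS CNAME ALIAS]/[KEY]
    ]
    return [f"https://{host}{path}"
            for host, path in candidates if host_is_covered(host)]


if __name__ == "__main__":
    # Constructed sample inputs: the bucket names used in the text above.
    for bucket in ("wincent", "s3.example.com", "my.fancy.s3.alias.example.com"):
        print(bucket, "->", https_urls(bucket, "foo/bar.gz"))
```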