HTTPS access to Amazon S3 buckets

Amazon S3 maintains SSL certificates for:

  • *

Note that as far as the wildcard certificate is concerned, most (many? all?) browsers expect the wildcard subdomain to be a single word (i.e. "foo") and not a string of words separated by dots (i.e. ""), which is a common naming pattern for S3 buckets.

Remember also that the following three forms of bucket addressing all refer to the same resource:


For example, these are all equivalent:


This means that if you want to provide SSL access to a resource, only one of those URLs is going to work without triggering a browser warning about the certificate (i.e. the one beginning with

So you have two options here:

  • Either always use the working URL of the form[BUCKET]/[KEY]
  • Set up a bucket name that is a single word without any periods

The latter option may be trickier as the bucket name may already be taken.
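The single-label wildcard rule and its effect on each addressing form, as an added example that is not part of the original page. It assumes the certificate names `s3.amazonaws.com` and `*.s3.amazonaws.com` and the usual path-style, virtual-hosted and CNAME URL forms; the dotted bucket name and the key are constructed.

```python
# Added example: hostname matching as a TLS client applies it to a wildcard cert.
# ASSUMPTION: these are the names on the S3 certificate.
CERT_NAMES = ["s3.amazonaws.com", "*.s3.amazonaws.com"]
ENDPOINT = "s3.amazonaws.com"  # assumed S3 endpoint host


def wildcard_match(pattern: str, hostname: str) -> bool:
    """True if hostname matches pattern; '*' stands for exactly one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        # A wildcard never spans a dot, so label counts must agree.
        return False
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h


def cert_covers(hostname: str, names=CERT_NAMES) -> bool:
    """True if any certificate name matches the hostname."""
    return any(wildcard_match(n, hostname) for n in names)


def https_url_forms(bucket: str, key: str):
    """Return (url, validates) for the three addressing forms of one object."""
    hosts = [
        (ENDPOINT, f"/{bucket}/{key}"),            # path-style
        (f"{bucket}.{ENDPOINT}", f"/{key}"),       # virtual-hosted-style
        (bucket, f"/{key}"),                       # bucket name used as a CNAME
    ]
    return [(f"https://{host}{path}", cert_covers(host)) for host, path in hosts]


if __name__ == "__main__":
    # "media.example.com" is a constructed dotted bucket name.
    for bucket in ("media.example.com", "wincent"):
        for url, ok in https_url_forms(bucket, "logo.png"):
            print(("valid   " if ok else "WARNING ") + url)
```

For the dotted bucket only the path-style URL validates; for a single-word bucket the virtual-hosted form validates as well.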

In my case I have set up as a CNAME alias for, and this works fine for HTTP requests using URLs of the form[KEY].

For HTTPS requests I have a different bucket set up, "wincent", which means I can use URLs of the form[KEY], or of course,[KEY].

I can also issue requests for items in the "" bucket over HTTPS using URLs of the form[KEY].