Amazon ELB HTTPS Backend authentication causing invalid certificate error

Tags: amazon-elb, https, ssl-certificate

I have a wildcard SSL certificate issued by Starfield Secure Certification Authority that is valid through 2014. I have been using the certificate with ELB without backend authentication (cert not installed on ELB) for over a year. I recently needed to get the client IP to pass through to the servers. In order to get the client IP to pass through, I had to create a new ELB, install the certificate on the ELB and set up the backend authentication using the ELBSampleELBDefaultCipherPolicy. The SSL certificate is also installed on the servers/instances.

I have over 100 clients using the new configuration with no problems. However, I have had 2 clients throw invalid certificate errors:

java: "unable to find valid certification path to requested target"
.net: "Could not establish trust relationship for the SSL/TLS secure channel... The remote certificate is invalid according to the validation procedure"

I am concerned that the errors are a symptom of a bigger problem with my configuration. Please let me know if you have any ideas or suggestions on how to solve this problem.

Best Answer

The solution was to provide a certificate chain. When you upload an SSL certificate to AWS, it requires a private and public key. It also has a third field for the certificate chain that is optional. I didn't include the certificate chain originally, and that caused the browser to not be able to verify the certificate.

I got my certificate chain from Starfield (the issuer) at:

https://certs.starfieldtech.com/anonymous/repository.seam

I downloaded the sf_bundle.crt and used that to set up the SSL key on AWS. Problem solved.
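A quick way to confirm that the chain you are about to upload in that third field is complete and in the order the load balancer expects (server certificate first, then each intermediate up to the root) is to check that every certificate's issuer matches the subject of the certificate that follows it. This is an added example, not part of the answer above; it assumes the `openssl` CLI is installed and that the bundle has been concatenated as `cat server.crt sf_bundle.crt > chain.pem`.

```shell
#!/bin/sh
# check_chain_order BUNDLE.pem
# Splits a PEM bundle into its certificates and verifies that
# issuer(cert N) == subject(cert N+1) for every consecutive pair.
# Returns 0 when the chain links up, 1 when a link is broken or
# the file holds only a single certificate (no chain at all).
check_chain_order() {
    bundle="$1"
    count=$(grep -c 'BEGIN CERTIFICATE' "$bundle" || true)
    if [ "$count" -lt 2 ]; then
        echo "$bundle: only $count certificate(s), no chain present"
        return 1
    fi
    tmp=$(mktemp -d) || return 2
    # Write certificate N of the bundle to $tmp/N.pem
    awk -v dir="$tmp" '/-----BEGIN CERTIFICATE-----/ {n++}
                       n > 0 {print > (dir "/" n ".pem")}' "$bundle"
    i=1
    status=0
    while [ "$i" -lt "$count" ]; do
        next=$((i + 1))
        issuer=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer | sed 's/^issuer=//')
        subject=$(openssl x509 -in "$tmp/$next.pem" -noout -subject | sed 's/^subject=//')
        if [ "$issuer" != "$subject" ]; then
            echo "link $i -> $next broken: issuer '$issuer' != subject '$subject'"
            status=1
        fi
        i=$next
    done
    rm -rf "$tmp"
    [ "$status" -eq 0 ] && echo "$bundle: $count certificates, chain links up"
    return $status
}

if [ $# -gt 0 ]; then
    check_chain_order "$1"
fi
```

A bundle with only the server certificate (the original configuration in the question) is reported as having no chain, and a bundle whose certificates are in the wrong order is reported with the broken link.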
