Getting an HTTPS website to work on an Amazon EC2 instance…

Over the weekend I was attempting to push out a huge update to Pylons.  The new update reworks how the authentication works, because we want this version to be able to work with the mobile clients we are working on.  Because the reworked authentication involves passing some sensitive information around, we wanted to ensure that things were secure by using SSL.  Long story short, when you visit a website that starts with “https”, it’s using a secure layer to (in theory) prevent people from snooping on the traffic between your computer (or phone) and the website.

A week ago I purchased an SSL certificate, and finally got around to pushing out the update and applying it all on Saturday.  Saturday evening, at around 5:00 pm, I hit a major snag: the HTTPS version of the site wasn’t working.  I went through a ton of different forum posts, blogs, and troubleshooting guides to figure out what was going on.  By the end of the evening, I still wasn’t able to figure it out.  Everything on the server looked fine.  The SSL certificate showed up fine on the server, the IIS bindings were set properly, the firewall was opened to traffic on port 443, but no matter what I did, it didn’t work.  I could view some portions of the site when accessing it through localhost on the server, but as soon as I would try hitting it by the actual URL, nothing would load.  I even stripped the site right down to the most basic ASP.Net page that ships as the default web page for IIS.  No matter what I did, I couldn’t ever seem to get it to work.

This morning, I decided to take another crack at it.  I spent way too much time doing more digging through forums, re-installing IIS, restarting the server, etc.  Nothing seemed to work.  Everything seemed to look fine on the server, but nothing would work remotely.  Eventually, I thought that perhaps it wasn’t my problem.  Given that the site is currently being hosted on an Amazon instance, could it perhaps be some setting with Amazon that is blocking SSL traffic on port 443? 

Yes.

That’s exactly what it was.  I came across this helpful question on StackOverflow.  As it turns out, as soon as I enabled the traffic on port 443, via the EC2 Management Console, everything magically worked!

I’m writing this up for anyone else who might have the same problem:

  • SSL Certificate is installed on the server
  • Correct bindings are allowing traffic on port 443, and a proper certificate is selected.
  • Server firewall settings allow traffic on port 443
  • You are able to access the most basic site on HTTP but the site times out on HTTPS
  • Viewing any port settings via the console shows that traffic should be coming through on port 443
  • Snooping network traffic with Netshark shows that the server is getting some HTTPS requests, but it seems like no response is being sent

Try doing the following:

  1. In the Amazon web console (https://console.aws.amazon.com/ec2), click on the Security Groups link on the left
  2. Under the security group that your instance is running, set up a new Inbound rule to allow HTTPS traffic from any IP.
  3. Set up a new Outbound rule to allow HTTPS traffic to any IP.

It wasn’t necessary to delete/recreate/restart the instance. As soon as I applied the rules, I tried hitting the https site in my browser on my local machine, and it worked.

Now to actually getting the proper/real update pushed out…

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s