I'm hosting my project on AWS ec2 instance.Frontend - Angular application, launched with nginx, backend - Spring boot application.My goal is to configure proper https usage, however I'm facing some troubles and would like to get better understanding on how the things are working.
What I've done so far:
- Bought domain name for my web portal.
- Requested certificate on ZeroSSL provider for my domain name.
- Configured LoadBalancer with redirection to my ec2 and attached my certificate.
At this stage I had Angular accessible via https, but backend was still on http. This was giving me an error which seems to be logical to me, which was telling like: You are using secured connection for the frontend, backend should be also secured. Ok. In order to fix this, I've added to index.html this line:
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests" />And I'm targeting my backend with external IP address (attached to ec2). This was not working and I've started also to reconfigure by backend to be accessible via HTTPs and here I'm having difficulties.
With openssl commands I've created keyStorage with my certificate (same as was issued for the domain).
In the Spring config:
server: port: 443 ssl: enable: true key-alias: mydomain key-store: springKeyStore.p12 key-store-password: password key-store-type: PKCS12I'm targeting this keyStorage. However, now I'm getting an error when Angular tries to fetch the data from the backend: net::ERR_CERT_COMMON_NAME_INVALID
API calls to backend via https - are working. Frontend (Angular) is also served via https (thanks to LoadBalancer config), but there is no communication between front and back.
Can anyone explain how this supposed to work and where I'm doing something wrong?Thanks in advance!
