Route53 for AWS Elastic Search Domain gives certificate error

Question

I have created an AWS elastic search domain in Virginia and got an Endpoint URL.

Now I wanted to configure the Route53 behaviour around it so that a caller can use the same URL, even though there is some change in elastic search or in case of disaster recovery.

So,

Virginia Route 53 -- 1 Point to -- Virginia Elastic Search Domain URL Oregon Route 53 -- 2 Points to -- Oregon Elastic Search Domain URL Main Route 53 -- 3 Points to -- Route 53 1 or 2

I have already created these and also created and uploaded SSL certificate with correct SAN entries. But when I execute,

curl https://mainroute53/health

curl https://virginiaroute53/health

curl https://oregonroute53/health

I am getting this error,

curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

But when I am calling the Elastic Search URL directly it's working. So I understand this is an issue with the way I am using the certificate. Any help appreciated.

Answer 1

--insecure can used in the curl statement has a flag, but it has its side effects and not a recommended option for production.