NLB Configured with Unsupported Certificate Type #309
Comments
@gravesm Do you know if this is caused by something intentional in the tests, or is it an issue that needs to be corrected?
softwarefactory-project-zuul bot pushed a commit to ansible-collections/community.aws that referenced this issue Sep 10, 2024
SUMMARY
The tests for network load balancers use an invalid cert:
community.aws/tests/integration/targets/elb_network_lb/tasks/generate-certs.yml
Line 7 in d79e817
size: 4096
As per AWS documentation Network load balancers only support RSA certs with up to 3072 bit keys.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
elb_network_lb
ADDITIONAL INFORMATION
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#tls-listener-certificates
Supported key algorithms
RSA 1024-bit
RSA 2048-bit
RSA 3072-bit
ECDSA 256-bit
ECDSA 384-bit
ECDSA 521-bit
related to mattclay/aws-terminator#309
Reviewed-by: Mark Chappell
patchback bot pushed a commit to ansible-collections/community.aws that referenced this issue Sep 10, 2024
SUMMARY
The tests for network load balancers use an invalid cert:
community.aws/tests/integration/targets/elb_network_lb/tasks/generate-certs.yml
Line 7 in d79e817
size: 4096
As per AWS documentation Network load balancers only support RSA certs with up to 3072 bit keys.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
elb_network_lb
ADDITIONAL INFORMATION
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#tls-listener-certificates
Supported key algorithms
RSA 1024-bit
RSA 2048-bit
RSA 3072-bit
ECDSA 256-bit
ECDSA 384-bit
ECDSA 521-bit
related to mattclay/aws-terminator#309
Reviewed-by: Mark Chappell
(cherry picked from commit f2f6284)
This should be fixed, now. Let us know if you are still getting notices.
softwarefactory-project-zuul bot pushed a commit to ansible-collections/community.aws that referenced this issue Oct 3, 2024
This is a backport of PR #2142 as merged into main (f2f6284).
SUMMARY
The tests for network load balancers use an invalid cert:
community.aws/tests/integration/targets/elb_network_lb/tasks/generate-certs.yml
Line 7 in d79e817
size: 4096
As per AWS documentation Network load balancers only support RSA certs with up to 3072 bit keys.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
elb_network_lb
ADDITIONAL INFORMATION
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#tls-listener-certificates
Supported key algorithms
RSA 1024-bit
RSA 2048-bit
RSA 3072-bit
ECDSA 256-bit
ECDSA 384-bit
ECDSA 521-bit
related to mattclay/aws-terminator#309
Reviewed-by: Alina Buzachis
Notices similar to the following are regularly received from AWS regarding the test account used to run integration tests:
We have identified an issue regarding your Network Load Balancer nlb-d3810e28b5e9 in the us-east-1 Region.
We noticed that the load balancer has secure (TLS) listeners in a non-functional state. The TLS listener is currently broken due to being configured with a certificate that is not supported. Network Load Balancers support RSA certificates with up to 3072-bit keys and ECDSA certificates with curves P-256, P-384, and P-521. The ARN for the configured certificate is arn:aws:iam::966509639900:server-certificate/ansible-test-nlb-d3810e28b5e9. In order to restore client connectivity, please update the load balancer listener to use a supported certificate.
You can learn more about using TLS listeners on your Network Load Balancer in our public documentation [1].
If you require further assistance, the AWS Support team is available on the Forums and through AWS Support [2].
[1] https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html
[2] https://aws.amazon.com/support
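A pre-upload check for the limits quoted in the notice and the commit messages, as an added example that is not part of this issue or of the community.aws code: it reads a DER SubjectPublicKeyInfo with the standard library only and reports whether the key type is on the supported list. The function names and the synthetic sample keys are assumptions made for illustration.

```python
# Added example (not project code); all names below are hypothetical helpers.
RSA_OID = bytes.fromhex("2a864886f70d010101")    # 1.2.840.113549.1.1.1 rsaEncryption
EC_OID = bytes.fromhex("2a8648ce3d0201")         # 1.2.840.10045.2.1 id-ecPublicKey
NLB_RSA_BITS = {1024, 2048, 3072}                # RSA sizes listed on this page
NLB_CURVES = {                                   # ECDSA curves listed on this page
    bytes.fromhex("2a8648ce3d030107"): "P-256",  # 1.2.840.10045.3.1.7
    bytes.fromhex("2b81040022"): "P-384",        # 1.3.132.0.34
    bytes.fromhex("2b81040023"): "P-521",        # 1.3.132.0.35
}

def tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def nlb_key_check(spki):
    """Return (supported, description) for a DER SubjectPublicKeyInfo."""
    _, body, _ = tlv(spki)                       # SubjectPublicKeyInfo SEQUENCE
    _, alg, after_alg = tlv(body)                # AlgorithmIdentifier SEQUENCE
    _, oid, after_oid = tlv(alg)                 # algorithm OID
    _, key_bits, _ = tlv(body, after_alg)        # BIT STRING wrapping the key
    if oid == RSA_OID:
        _, rsa_key, _ = tlv(key_bits[1:])        # skip the unused-bits byte
        _, modulus, _ = tlv(rsa_key)             # first INTEGER is the modulus n
        size = int.from_bytes(modulus, "big").bit_length()
        return size in NLB_RSA_BITS, f"RSA {size}-bit"
    if oid == EC_OID:
        _, curve, _ = tlv(alg, after_oid)        # namedCurve OID
        name = NLB_CURVES.get(curve, "curve OID " + curve.hex())
        return curve in NLB_CURVES, f"ECDSA {name}"
    return False, "algorithm OID " + oid.hex()

def der(tag, value):  # DER encoder, used only to build the constructed samples
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_rsa_spki(bits):
    """Constructed sample: synthetic modulus of the given size, not a real key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 byte
    key = der(0x30, der(0x02, n) + der(0x02, (65537).to_bytes(3, "big")))
    return der(0x30, der(0x30, der(0x06, RSA_OID) + der(0x05, b"")) + der(0x03, b"\x00" + key))

if __name__ == "__main__":
    print([nlb_key_check(sample_rsa_spki(b)) for b in (3072, 4096)])  # 4096: size the tests used
```

For a real certificate, the DER input is what `openssl x509 -in cert.pem -pubkey -noout | openssl pkey -pubin -outform DER` emits.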