AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 344

A company is migrating a legacy storefront web application to the AWS Cloud. The application is complex and will take several months to refactor. A solutions architect recommended an interim solution of using Amazon CloudFront with a custom origin pointing to the SSL endpoint URL for the legacy web application until the replacement is ready and deployed.
The interim solution has worked for several weeks. However, all browser connections recently began showing an HTTP 502 Bad Gateway error with the header `X-Cache: Error from cloudfront`. Monitoring services show that HTTPS port 443 on the legacy web application is open and responding to requests.
What is the likely cause of the error, and what is the solution?

Answer options

Correct answer: D

Explanation

The `X-Cache: Error from cloudfront` header shows that the 502 was generated by CloudFront itself, not relayed from the origin: CloudFront could reach the origin (port 443 is open and answering), but it could not complete a TLS handshake with it and therefore returned 502 Bad Gateway. Because the setup worked for weeks and then every connection failed at once, the most likely cause is that the SSL/TLS certificate on the legacy origin expired. CloudFront only accepts an origin certificate that is within its validity period, is issued by a CA in its trust store (a globally recognized public CA, not a self-signed or private certificate), is presented together with its complete chain of intermediate certificates, and carries a subject or subject alternative name that matches the origin domain name configured in the distribution. Other handshake-level mismatches (no cipher suite or TLS version in common, or an origin that requires SNI while the distribution is configured not to send it) produce the same 502, but they do not appear spontaneously after weeks of successful operation.

The fix must be applied on the origin: obtain a new certificate from a trusted third-party CA and install it, along with the full intermediate chain, on the legacy web server. A certificate from AWS Certificate Manager (ACM) is not an option here, because ACM's public certificates have been non-exportable: they are deployed only to integrated AWS services such as CloudFront and Elastic Load Balancing, and the private key cannot be downloaded for installation on an external server. That is the assumption the question relies on in ruling out the ACM-based options.
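As an added example (not part of the exam question or of AWS documentation), the shell script below reproduces the three conditions a custom origin's certificate has to meet before CloudFront will complete the handshake, using a root CA, an intermediate CA and a leaf certificate generated locally with openssl. The hostname `legacy.example.com`, the function names and every file under `$WORK` are constructed for the example; `probe_origin` is the live check you would run against the real origin and is not executed here because it needs network access.

```shell
# Added example: local reproduction of the certificate checks a CloudFront custom
# origin must pass. Everything here is constructed with openssl; nothing is from AWS.
#   1. validity period (the likely failure in the question: an expired certificate)
#   2. a chain to a trusted CA, with every intermediate presented by the origin
#   3. a subject/SAN matching the origin domain name configured in the distribution

WORK="$(mktemp -d)"
ORIGIN_HOST="legacy.example.com"      # hypothetical origin domain name
ROOT="$WORK/root.pem"                 # trusted root (stands in for CloudFront's trust store)
INT="$WORK/intermediate.pem"          # intermediate the origin must serve with the leaf
LEAF="$WORK/leaf.pem"                 # the origin's end-entity certificate

q() { "$@" >/dev/null 2>&1; }         # run quietly, keep the exit status

# Constructed PKI: self-signed root -> intermediate CA -> leaf for the origin host.
# The leaf is issued for only 1 day so the expiry-margin check below trips.
q openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=Example Root CA" \
    -keyout "$WORK/root.key" -out "$ROOT"
q openssl req -newkey rsa:2048 -nodes -subj "/CN=Example Intermediate CA" \
    -keyout "$WORK/int.key" -out "$WORK/int.csr"
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$WORK/int.cnf"
q openssl x509 -req -in "$WORK/int.csr" -CA "$ROOT" -CAkey "$WORK/root.key" \
    -CAcreateserial -days 1825 -extfile "$WORK/int.cnf" -out "$INT"
q openssl req -newkey rsa:2048 -nodes -subj "/CN=$ORIGIN_HOST" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr"
printf 'subjectAltName=DNS:%s\n' "$ORIGIN_HOST" > "$WORK/leaf.cnf"
q openssl x509 -req -in "$WORK/leaf.csr" -CA "$INT" -CAkey "$WORK/int.key" \
    -CAcreateserial -days 1 -extfile "$WORK/leaf.cnf" -out "$LEAF"

# 1. Validity: exit 0 if certificate $1 is still valid $2 seconds from now, 1 if not.
#    Alerting on this with a margin (for example 30 days) is what would have caught
#    the outage before CloudFront started returning 502s.
cert_valid_for() { q openssl x509 -in "$1" -noout -checkend "$2"; }

# 2. Chain: exit 0 if $1 chains to a root in bundle $2. $3 is the optional file of
#    intermediates the origin presents; without it, a leaf issued by an intermediate
#    fails with "unable to get local issuer certificate" (the incomplete-chain case).
cert_chains_to() {
    if [ -n "${3:-}" ]; then q openssl verify -CAfile "$2" -untrusted "$3" "$1"
    else q openssl verify -CAfile "$2" "$1"; fi
}

# 3. Hostname: exit 0 if the chain verifies and the SAN/CN of $1 covers host $4,
#    i.e. the origin domain name CloudFront connects to.
cert_matches_host() {
    q openssl verify -CAfile "$2" -untrusted "$3" -verify_hostname "$4" "$1"
}

# Live check against the real origin (needs network, so it is not called here):
# prints the validity dates, subject and issuer of the certificate the origin serves.
# In the raw s_client output, "Verify return code: 10 (certificate has expired)" or
# "21 (unable to verify the first certificate)" point at the failure CloudFront sees.
probe_origin() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -dates -subject -issuer
}

for check in \
    "cert_valid_for $LEAF 0" \
    "cert_valid_for $LEAF 2592000" \
    "cert_chains_to $LEAF $ROOT" \
    "cert_chains_to $LEAF $ROOT $INT" \
    "cert_matches_host $LEAF $ROOT $INT $ORIGIN_HOST" \
    "cert_matches_host $LEAF $ROOT $INT www.example.com"; do
    if $check; then echo "PASS  $check"; else echo "FAIL  $check"; fi
done
```

The second, third and sixth checks are expected to fail: the leaf expires within the 30-day margin, it does not verify when the intermediate is missing from what the origin serves, and it does not match a hostname outside its SAN. On the real origin, run `probe_origin legacy.example.com` (substituting the actual origin domain name) and compare the `notAfter` date and the issuer against what CloudFront requires.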