Whatsapp Business API HTTPS Certificate
We just deploy on AWS Cloudformation an enterprise WhatsApp API following the next instructions:
So all works normally, and the deploy finished correctly, the problem comes with the option "SSL Configuration", we understand that the API creates a self signed certificate so we get the error on the browsers because of that.
The documentation says that we need to upload a certificate authority, but do we need to get one from a third party to avoid this error?
We are a little bit lost, any advice will be nice.
Like everything else in SSL, the answer is "it's all about trust" and "it depends (on who you trust)".
To get this error to go away you will need to upload an "intermediate CA" including a private key, certificate for the key, and the whole chain of signed certificates back to a trusted CA.
In a default operating system / browser environment, the (root or an intermediate) CA must be trusted in the client system. This usually means having your private key signed by Let's Encrypt or paying a commercial CA.
gotcha, so what happen with the configuration about the cname, if we want to use a custom cname and we can't change the configuration, do we?
in developers.facebook.com/docs/whatsapp/aws#ssl-config there's a callout "In AWS deployments, the SSL certificate is created using the load balancer hostname..." Because the API expects a CA certificate, it can create certificates automatically - I expect it will generate a certificate using whatever name is required.