How to Install an SSL Certificate in Amazon Web Services (AWS)
Want to learn how to install an SSL certificate in Amazon Web Services? This post shows how to enable HTTPS for your website or app.
Amazon Web Services offers reliable cloud computing services along with scalable and low-cost infrastructure. Organizations can quickly deploy new applications and virtual servers as business needs demand.
You should use SSL certificates to enable HTTPS communication for your website or application on Amazon Web Services. The following instructions guide you through the installation process. If you have more than one server or device, you will need to install the certificate on each server or device that you need to secure. If you have not yet generated your certificate and completed the validation process, refer to our CSR generation instructions before going through the steps below.
Because Amazon Web Services includes a variety of web hosting services, we highly recommend consulting the Amazon documentation to fully understand generating, uploading, and configuring your SSL certificate. Because AWS allows different server configurations, there is no one-size-fits-all solution for all users.
However, the following steps should help you install SSL Certificates:
What You Will Need
Your Server Certificate
This is the certificate you received from the CA for your domain. It may have been sent to you via email.
Your Intermediate Certificates
These files allow the device connecting to your server to identify the issuing CA. There may be more than one certificate. If you got your certificate in a ZIP folder, it should also contain the intermediate certificate, which is sometimes referred to as a CA bundle.
Your Private Key
This file should be on your server or in your possession if you generated your CSR from a free generator tool.
Install SSL Certificate to AWS
Convert the Server Certificate to the PEM Format
Enter the following command to convert the server certificate format to PEM:
openssl x509 -inform PEM -in my-certificate
Convert the Intermediate(s) to PEM Format
Enter the following command to convert the certificate chain:
openssl x509 -inform PEM -in my-certificate-chain
Upload to Your AWS Account
Enter the following upload-server-certificate command in your AWS account:
aws iam upload-server-certificate --server-certificate-name my-server-cert --certificate-body file://my-server-certificate.pem --private-key file://my-private-key.pem --certificate-chain file://my-certificate-chain.pem
The SSL Certificate file is now uploaded to AWS successfully.
When you upload a certificate, IAM verifies the following:
- The certificate must follow the X.509 PEM format.
- The current date must fall between the certificate's start and end dates.
- The public certificate and private key files should each contain a single item.
- The private key must match the certificate.
- The private key must be in PEM format and must not be encrypted with a password.
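The conditions in this list can be checked locally before uploading. The script below is an added example, not part of the original article or of AWS tooling; the function name preflight_cert and its variable names are assumptions, and it relies only on the openssl command line, grep, cut and date.

```bash
# Added example: local pre-flight for the checks IAM applies at upload time.
# Usage: preflight_cert my-server-certificate.pem my-private-key.pem
# Returns 0 when every check passes; prints one FAIL line per problem otherwise.
preflight_cert() {
    pf_cert="$1"; pf_key="$2"; pf_rc=0

    # Certificate body must parse as PEM-encoded X.509.
    if ! openssl x509 -in "$pf_cert" -inform PEM -noout >/dev/null 2>&1; then
        echo "FAIL: $pf_cert is not a PEM X.509 certificate"; return 1
    fi

    # Certificate body must hold a single certificate (the chain is a separate file).
    pf_n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$pf_cert" || true)
    if [ "$pf_n" -ne 1 ]; then
        echo "FAIL: $pf_cert holds $pf_n certificates, expected 1"; pf_rc=1
    fi

    # End date: -checkend 0 exits non-zero if the certificate has already expired.
    if ! openssl x509 -in "$pf_cert" -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate has expired"; pf_rc=1
    fi
    # Start date: needs GNU date to parse OpenSSL's format; skipped where unavailable.
    pf_start=$(openssl x509 -in "$pf_cert" -noout -startdate | cut -d= -f2)
    if pf_s=$(date -d "$pf_start" +%s 2>/dev/null) && [ "$pf_s" -gt "$(date +%s)" ]; then
        echo "FAIL: certificate is not valid until $pf_start"; pf_rc=1
    fi

    # Private key must be unencrypted PEM. Both the PKCS#8 header
    # (BEGIN ENCRYPTED PRIVATE KEY) and the legacy Proc-Type line contain ENCRYPTED.
    if grep -q 'ENCRYPTED' "$pf_key"; then
        echo "FAIL: $pf_key is passphrase-protected"; return 1
    fi

    # Key must match the certificate: compare the public key derived from each.
    pf_cert_pub=$(openssl x509 -in "$pf_cert" -noout -pubkey)
    pf_key_pub=$(openssl pkey -in "$pf_key" -pubout 2>/dev/null || true)
    if [ -z "$pf_key_pub" ]; then
        echo "FAIL: $pf_key is not a readable PEM private key"; pf_rc=1
    elif [ "$pf_cert_pub" != "$pf_key_pub" ]; then
        echo "FAIL: private key does not match the certificate"; pf_rc=1
    fi

    [ "$pf_rc" -eq 0 ] && echo "OK: $pf_cert and $pf_key pass local checks"
    return "$pf_rc"
}
```

The script reads the files only and sends nothing to AWS; a pass here does not replace the verification IAM performs on upload.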
After uploading, you can run the command below to verify the SSL certificate:
aws iam get-server-certificate --server-certificate-name certificate_object_name
The output of the above command will look like:
To update the certificate on an HTTPS load balancer, pass the certificate's ARN to the following command:
aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name my-loadbalancer --load-balancer-port 443 --ssl-certificate-id arn:aws:iam::123456789012:server-certificate/certificate_object_name
To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember you may need to restart your server for changes to take effect.
Published at DZone with permission of Kalpesh Patel. See the original article here.