Install SSL Certificate on Amazon Web Services (AWS)
Once you have generated the CSR for Amazon Web Services, the next step is to install the SSL certificate on Amazon Web Services (AWS). When the certificate authority (CA) validates your domain name, it sends a verification link to the registered email address associated with your domain name. Once your domain is validated, the CA sends you the final certificate as a Zip file attachment.
How to Install SSL Certificate on Amazon Web Services (AWS)
You will receive the following certificate chain files in the Zip folder, which are used to set up SSL on Amazon Web Services:
1) Root certificate (root.crt)
2) Intermediate certificate (intermediate1.crt)
3) Intermediate certificate (intermediate2.crt)
4) Public certificate issued for your domain (yourdomain.crt)
Convert Certificate Private key and Certificate Chain Files into .PEM format:
First, all your certificate files, including the private key (awsserver.key) and the certificate chain (root and intermediate certificates), need to be converted into .PEM format for Amazon Identity and Access Management Service (IAM).
Enter the OpenSSL command below to convert the private key file to .PEM format:
openssl rsa -in awsserver.key -outform PEM > server.private.pem
Enter the command below to convert the certificate chain file to .PEM format:
openssl x509 -inform PEM -in certificate_chain_file
Next, you can upload your SSL certificate files to Amazon Web Services. To do so, you need to combine the root and intermediate certificates into a single ssl-bundle.crt file, which you can do with the command below:
cat intermediate1.crt intermediate2.crt root.crt > ssl-bundle.crt
Upload Certificate Files through AWS CLI (Command Line Interface):
Now upload the CA bundle file, private key, and main certificate with the single command below through the AWS CLI (Command Line Interface):
aws iam upload-server-certificate --server-certificate-name ExampleCertificate --certificate-body file://Certificate.pem --certificate-chain file://CertificateChain.pem --private-key file://awsserver.pem
IAM will confirm Certificate Details:
IAM will confirm the following details when you upload a certificate:
– The private key (.key) and the certificate (.crt) issued for the domain must be X509 PEM-encoded.
– The certificate’s validity period includes the issuance and expiration dates.
– The CA bundle and private key contain one certificate and one key.
– The private key is unencrypted (without a password).
– The private key must be in the correct format, with begin and end tags as follows:
it begins with -----BEGIN RSA PRIVATE KEY----- and ends with -----END RSA PRIVATE KEY-----
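The conditions listed above can be checked locally with OpenSSL before the upload. The script below is an added example, not part of the original article; the function names check_iam_upload and make_sample_pair, the exit codes and the optional MIN_SECONDS_LEFT argument are assumptions introduced here, and the sample certificate is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): local pre-upload checks.
# Usage: check_iam_upload CERT.pem KEY.pem [MIN_SECONDS_LEFT]
# Returns 0 when every check passes, otherwise a distinct non-zero code.
check_iam_upload() {
    cert=$1; key=$2; min_left=${3:-0}   # min_left is an added convenience
    # Each file must hold exactly one PEM object (no chain in the cert file).
    [ "$(grep -c -e '-----BEGIN ' "$cert")" = 1 ] ||
        { echo "certificate file must contain exactly one PEM object" >&2; return 2; }
    [ "$(grep -c -e '-----BEGIN ' "$key")" = 1 ] ||
        { echo "key file must contain exactly one PEM object" >&2; return 3; }
    # Password-protected keys carry ENCRYPTED in the tag or Proc-Type header.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "private key is encrypted; remove the passphrase first" >&2; return 4
    fi
    # The page requires the RSA PRIVATE KEY begin and end tags.
    [ "$(head -n 1 "$key")" = '-----BEGIN RSA PRIVATE KEY-----' ] &&
        [ "$(tail -n 1 "$key")" = '-----END RSA PRIVATE KEY-----' ] ||
        { echo "key lacks RSA PRIVATE KEY tags" >&2; return 5; }
    # The certificate must parse as PEM-encoded X.509.
    openssl x509 -inform PEM -in "$cert" -noout 2>/dev/null ||
        { echo "certificate is not PEM-encoded X.509" >&2; return 6; }
    # -checkend fails if the certificate expires within min_left seconds.
    openssl x509 -in "$cert" -noout -checkend "$min_left" >/dev/null 2>&1 ||
        { echo "certificate expired or expiring too soon" >&2; return 7; }
    return 0
}

# Constructed sample input: throwaway self-signed certificate and RSA key in DIR.
make_sample_pair() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=example.test' \
        -keyout "$dir/pkcs8.key" -out "$dir/yourdomain.pem" 2>/dev/null || return 1
    # OpenSSL 3 writes PKCS#8 unless -traditional is given; older builds
    # reject that flag and write the RSA PRIVATE KEY form by default.
    openssl rsa -in "$dir/pkcs8.key" -traditional -out "$dir/server.private.pem" 2>/dev/null ||
        openssl rsa -in "$dir/pkcs8.key" -out "$dir/server.private.pem" 2>/dev/null
}

# Demo on constructed input:
# d=$(mktemp -d) && make_sample_pair "$d" &&
#     check_iam_upload "$d/yourdomain.pem" "$d/server.private.pem" && echo ok
```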
Verify your Uploaded SSL certificate:
After the upload completes, run the command below to view and retrieve the uploaded certificate, using “certificate_object_name”:
aws iam get-server-certificate --server-certificate-name certificate_object_name
Update certificate on running HTTPS Load Balancer:
Get the Amazon Resource Name (ARN) of the SSL certificate from IAM. It has the following form:
arn:aws:iam::Your_AWS_Account_ID:server-certificate/my-server-certificate
– Your_AWS_Account_ID is your AWS account ID. The Amazon Resource Name (ARN) for your certificate is unique and will be used to update your load balancer configuration settings to use HTTPS.
– Certificate_Object_GUID is the ID of the certificate.
Note: To store and deploy certificates, you can use either the IAM API or ACM tools.
Next, create an HTTPS listener to assign the SSL certificate to the load balancer, which will accept HTTPS requests on port 443 and send requests to the instances on port 80 using HTTP. This can be done with the following command:
aws elb create-load-balancer-listeners --load-balancer-name my-load-balancer --listeners Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=ARN
Check SSL Certificate Installation
Now you can check that the SSL certificate is successfully installed on Amazon Web Services (AWS) with the SSL checker tool and verify the details of the certificate installation.