Live Chat
Same Certs
Cheapest Price Seal
Less Price

Install SSL Certificate on Amazon Web Services (AWS)

Once you complete the process of generating CSR for Amazon Web Services, the Next step is you need to install SSL on Amazon Web Services (AWS). Once the certificate authority (CA) validates your domain name, they will send you a verification link on your registered email address, which is associated with your domain name. Once your domain is validated, CA will send you a final certificate in Zip file attachment.

How to Install SSL Certificate on Amazon Web Services (AWS)

You will receive the following Certificate Chain Files in the Zip folder, Which are used to set up your SSL on Amazon Web Services:

1) Root certificate (root.crt)
2) Intermediate certificate (intermediate1.crt)
3) Intermediate certificate (intermediate2.crt)
4) Public certificate issued for your domain (yourdomain.crt)

Convert Certificate Private key and Certificate Chain Files into .PEM format:

First, All your certificate files including private key (awsserver.key) and Certificate Chain (root and intermediate certificates) needs to be converted into .PEM format using Amazon Identity and Access Management Service (IAM).

Enter below the OpenSSL command to convert the Private Key file in .PEM format:

openssl rsa -in awsserver.key -outform PEM > server.private.pem

Enter below command to convert certificate chain file in .PEM format:

openssl x509 -inform PEM -in certificate_chain_file

Next, You can upload your SSL certificate files to your Amazon Web Services. So, you will require to combine root and intermediate certificate into a single-bundle.crt file for that you can use the below command:

cat intermediate1.crt intermediate2.crt root.crt > ssl-bundle.crt

Upload Certificate Files through AWS CLI (Command Line Interface):

Now, upload CA bundle file, private key, and main certificate with a below single command through AWS CLI (Command Line Interface):

$ aws iam upload-server-certificate --server-certificate-name ExampleCertificate
                                    --certificate-body file://Certificate.pem
                                    --certificate_chain_file file://CertificateChain.pem
                                    --private-key file://awsserver.pem

IAM will confirm Certificate Details:

IAM will confirm the following details when you upload a certificate:
– Private key (.key) and the certificate (.crt) issued for the domain is must be X509 PEM-encoded.
– The Certificate’s validity period includes issuance and expiration date.
– CA bundle and private key contains one certificate and one key.
– Unencrypted private key (without password)
– The format of the private key must be in correct format with begin and ends tag as follows:

-----BEGIN RSA PRIVATE KEY----- and ends with -----END RSA PRIVATE KEY-----

Verify your Uploaded SSL certificate:

After uploading is completed, run the below command for viewing and retrieving the uploaded certificate using “certificate_object_name”:

aws iam get-server-certificate --server-certificate-name certificate_object_name

Update certificate on running HTTPS Load Balancer:

Generate Amazon Resource Name (ARN) of SSL Certificate using below AWS CLI command through IAM:


Your_AWS_Account_ID means unique Amazon Resource Name (ARN), Amazon Resource Name (ARN) for your certificate will be used to update your load balancer configuration settings to use HTTPS.
Certificate_Object_GUID is the ID of the certificate.

Note: To store and deploy Certificates, you can use either IAM API or ACM tools.


AWS Load Balancer

Next, Create an HTTPS listener to assign an SSL certificate on the load balancers that will accept HTTPS requests on port 443 and send requests on port 80 using HTTP. It can be done by the following command:

aws elb create-load-balancer-listeners --load-balancer-name my-load-balancer --listeners Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=ARN

Check SSL Certificate Installation

Now, You can check SSL certificate is successfully installed on Amazon Web Services (AWS) with the SSL checker tool and verify details of certificate installation.

Related Posts:

4.8/5 overall satisfaction rating

Based on 3910 ratings from actual customers

Customer Reviews
"Not a new customer just a new account due to a name change. Love your prices and service. Thanks for everything! Jimmy - Prestacarts Global Commerce"
Jimmy Ray Warren J / TX, United States
"I have to say your tech "Mike" went out of his way to help me setup the CSR for our SSL. I am not a techie, and Mike was extremely helpful and patient with me. You need to hire more support personnel like Mike! Great job Mike!! Thank you for all your help!! Jana"
Jana K
"Been using you guys for several years. Clean built website with a great UI/UX that lets me get to what I need to buy quickly. I couldn't ask for more. Thanks!"
Devin N
5 Star
4 Star
3 Star
2 Star
1 Star