As most of AWS users are well aware that ELB can be an SSL termination point for the incoming traffic to your website, today I will show step by step how you can build, upload and save the SSL certificate on an ELB.
There are three parts to doing this:
Step 1: Build
As most of SSL certs of a corporation is handled by a dedicated team which maintains and creates the signed and verified certificate, they usually provide the certs on asking in standard format. They basically provide three things
There are three parts to doing this:
Step 1: Build
As most of SSL certs of a corporation is handled by a dedicated team which maintains and creates the signed and verified certificate, they usually provide the certs on asking in standard format. They basically provide three things
- A ".crt" extension file say acme.com.crt
Sample crt file
-----BEGIN CERTIFICATE-----
jytdlhdxcz77dfd67idfefhend,
iuhfdfjhw8094kmdlksj88d9
.
.
.
kjdskjshkdshdskhsa7rri23l;j
-----END CERTIFICATE-----
- A ".key" extension file say acme.com.key
Sample key file
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,672767RTE
re87e8eetr7ettewew7
ew68w68ere7e6rewr
.
.
.
yeiurwyireuyrere8987
-----END RSA PRIVATE KEY-----
- And a password string for it('password')
After installing you have to generate two pem encoded files as ELB needs, one public another private.
To generate public file use the following command(If prompted for password provide the password as mentioned above)
openssl x509 -inform PEM -in acme.com.crt > public.pem
To generate the private file use the following command(If prompted for password provide the password as mentioned above)
openssl rsa -in acme.com.key -text > private.pem
In private.pem file you will have a lengthy certificate chain which is optional in ELB but at the end the file would look something like this.
-----BEGIN RSA PRIVATE KEY-----
yre7tet78etew8euyue
ew68w68ere7e6rewr
.
.
.
,n,xn,xcmnc7v7cyc7nn
-----END RSA PRIVATE KEY-----
The public.pem file will most likely remain same and would most likely look like your .crt file but whatever the result your sample public.pem would looks like this
-----BEGIN CERTIFICATE-----
jytdlhdxcz77dfd67idfefhend,
iuhfdfjhw8094kmdlksj88d9
.
.
.
kjdskjshkdshdskhsa7rri23l;j
-----END CERTIFICATE-----
Step 2: Upload and Save
On the AWS console navigate to ELB page and click on ELB where you want to apply this certificate. On the bottom pane click on Listener tab(see image) and click on change link(as marked by arrow)
On clicking the change or upload button you would see the a modal where you would copy paste the content of the private.pem and public.pem file we generated (see attached image) In private.pem just copy paste the bottom part starting with -----begin private key-----
This two step process will terminate your ssl at ELB and will provide enable your website to be secure on https protocol
Sid
http://dailytechscape.com
http://dailytechscape.com