{"id":5650,"date":"2018-04-20T18:00:34","date_gmt":"2018-04-20T17:00:34","guid":{"rendered":"https:\/\/da-manager.com\/blog\/?p=5650"},"modified":"2022-11-28T12:03:10","modified_gmt":"2022-11-28T11:03:10","slug":"install-ssl-certificate-on-amazon-web-services-aws","status":"publish","type":"post","link":"https:\/\/da-manager.com\/blog\/install-ssl-certificate-on-amazon-web-services-aws\/","title":{"rendered":"INSTALL SSL CERTIFICATE ON AMAZON WEB SERVICES (AWS)"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_83 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/da-manager.com\/blog\/install-ssl-certificate-on-amazon-web-services-aws\/#Convert_Certificate_Private_key_and_Certificate_Chain_Files_into_PEM_format\" >Convert Certificate Private key and Certificate Chain Files into .PEM format:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/da-manager.com\/blog\/install-ssl-certificate-on-amazon-web-services-aws\/#Upload_Certificate_Files_through_AWS_CLI_Command_Line_Interface\" >Upload Certificate Files through AWS CLI (Command Line Interface):<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/da-manager.com\/blog\/install-ssl-certificate-on-amazon-web-services-aws\/#IAM_will_confirm_Certificate_Details\" >IAM will confirm Certificate Details:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/da-manager.com\/blog\/install-ssl-certificate-on-amazon-web-services-aws\/#Verify_your_Uploaded_SSL_certificate\" >Verify your Uploaded SSL certificate:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/da-manager.com\/blog\/install-ssl-certificate-on-amazon-web-services-aws\/#Update_certificate_on_running_HTTPS_Load_Balancer\" >Update certificate on running HTTPS Load Balancer:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/da-manager.com\/blog\/install-ssl-certificate-on-amazon-web-services-aws\/#Check_SSL_Certificate_Installation\" >Check SSL Certificate Installation<\/a><\/li><\/ul><\/nav><\/div>\n<header class=\"entry-header\">\n<h1 class=\"entry-title\"><\/h1>\n<\/header>\n<div class=\"entry-content\">\n<p>Once you complete process of <strong><a href=\"https:\/\/da-manager.com\/clients\/index.php?rp=\/store\/ssl-certificates\">generating CSR for Amazon Web Services<\/a><\/strong>, Next step is you need to install SSL on Amazon Web Services (AWS).\u00a0Once certificate authority (CA) validates your domain name, they will send you a verification link on your registered email address, which is associated with your domain name. Once your domain is validated, CA will send you\u00a0final certificate in Zip file attachment.<\/p>\n<p>You will receive following Certificate Chain Files in Zip folder, Which are used to set up your SSL on Amazon Web Services:<\/p>\n<p>1) Root certificate (root.crt)<br \/>\n2) Intermediate certificate (intermediate1.crt)<br \/>\n3) Intermediate certificate (intermediate2.crt)<br \/>\n4) Public certificate issued for your domain (yourdomain.crt)<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Convert_Certificate_Private_key_and_Certificate_Chain_Files_into_PEM_format\"><\/span>Convert Certificate Private key and Certificate Chain Files into .PEM format:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>First, All your certificate files including private key (awsserver.key) and Certificate Chain (root and intermediate certificates) needs to be converted into <strong>.PEM<\/strong> format using Amazon <strong>Identity and Access Management Service<\/strong> (IAM).<\/p>\n<p><strong>Enter below OpenSSL command to convert Private Key file in .PEM format:<\/strong><\/p>\n<pre>openssl rsa -in awsserver.key -outform PEM &gt; server.private.pem<\/pre>\n<p><strong>Enter below command to convert certificate chain file in .PEM format:<\/strong><\/p>\n<pre>openssl x509 -inform PEM -in certificate_chain_file<\/pre>\n<p>Next, You can upload your SSL certificate files to your Amazon Web Services. So, you will require to\u00a0<strong>combine root and intermediate certificate<\/strong> into a single-bundle.crt file for that you can use below command:<\/p>\n<pre>cat intermediate1.crt intermediate2.crt root.crt &gt; ssl-bundle.crt<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Upload_Certificate_Files_through_AWS_CLI_Command_Line_Interface\"><\/span>Upload Certificate Files through AWS CLI (Command Line Interface):<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Now, <strong>upload CA bundle file, private key and main certificate<\/strong> with below single command\u00a0through <strong>AWS CLI<\/strong> (Command Line Interface):<\/p>\n<pre>$ aws iam upload-server-certificate --server-certificate-name ExampleCertificate\r\n                                    --certificate-body file:\/\/Certificate.pem\r\n                                    --certificate_chain_file file:\/\/CertificateChain.pem\r\n                                    --private-key file:\/\/awsserver.pem<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"IAM_will_confirm_Certificate_Details\"><\/span>IAM will confirm Certificate Details:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>IAM will confirm following details, when you upload\u00a0a certificate:<br \/>\n\u2013 Private key (.key) and the certificate (.crt)\u00a0issued for domain are\u00a0must be X509 PEM-encoded.<br \/>\n\u2013 The Certificate\u2019s validity period including issuance and expiration date.<br \/>\n\u2013 CA bundle and private key contains one certificate and one key.<br \/>\n\u2013 Unencrypted private key (without password)<br \/>\n\u2013 The format of private key must be in correct format with begin and ends tag as following:<\/p>\n<pre>-----BEGIN RSA PRIVATE KEY----- and ends with -----END RSA PRIVATE KEY-----<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Verify_your_Uploaded_SSL_certificate\"><\/span>Verify your Uploaded SSL certificate:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>After uploading is completed, run the below command for viewing and retrieving the uploaded certificate using \u201ccertificate_object_name\u201d:<\/p>\n<pre>aws iam get-server-certificate --server-certificate-name certificate_object_name<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Update_certificate_on_running_HTTPS_Load_Balancer\"><\/span>Update certificate on running HTTPS Load Balancer:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Generate Amazon Resource Name (ARN) of SSL Certificate using below AWS CLI command through IAM:<\/p>\n<pre>arn:aws:iam::Your_AWS_Account_ID:server-certificate\/my-server-certificate<\/pre>\n<p>\u2013 <strong>Your_AWS_Account_ID<\/strong> means unique Amazon Resource Name (ARN), Amazon Resource Name (ARN) for your certificate will be used to update your load balancer configuration settings to use HTTPS.<br \/>\n\u2013 <strong>Certificate_Object_GUID<\/strong> is the ID of the certificate.<\/p>\n<p><strong>Note:<\/strong> To store and deploy Certificate, you can use either IAM API or ACM tools.<\/p>\n<p>&nbsp;<\/p>\n<p>Next, Create <strong>HTTPS\u00a0listener to assign SSL certificate<\/strong> on the load balancers that will accept HTTPS requests on port 443 and send request on port 80 using HTTP. It can be done by following command:<\/p>\n<pre>aws elb create-load-balancer-listeners --load-balancer-name my-load-balancer --listeners Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=ARN<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Check_SSL_Certificate_Installation\"><\/span>Check SSL Certificate Installation<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Now, You can check SSL certificate is successfully installed on Amazon Web Services (AWS) with tool such as SSL certificate Analyzer of Comodo\u00a0and verify details of certificate installation.<\/p>\n<p><strong>\u00a0 \u00a0 \u00a0=========================================================<\/strong><\/p>\n<p><strong>\u00a0Thanks for reading this post! Don&#8217;t just read and leave,<\/strong><\/p>\n<p><strong>but please like, follow me,\u00a0and share to others too!!..<\/strong><\/p>\n<p><strong>\u00a0 \u00a0 \u00a0=========================================================<\/strong><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Once you complete process of generating CSR for Amazon Web Services, Next step is you&#8230;<\/p>\n","protected":false},"author":1,"featured_media":5646,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","_mbp_gutenberg_autopost":false,"footnotes":""},"categories":[147],"tags":[277,188,193],"class_list":["post-5650","post","type-post","status-publish","format-standard","has-post-thumbnail","category-general","tag-amazon","tag-content-marketing","tag-social-media"],"modified_by":null,"_links":{"self":[{"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/posts\/5650","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/comments?post=5650"}],"version-history":[{"count":0,"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/posts\/5650\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/media\/5646"}],"wp:attachment":[{"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/media?parent=5650"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/categories?post=5650"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/da-manager.com\/blog\/wp-json\/wp\/v2\/tags?post=5650"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}