Ask a Question

Advanced Search

Solution ID : SO20424

Last Modified : 05/02/2018

Installing an SSL Certificate on Amazon Web Services' (AWS) HTTPS Load Balancers

Solution

Use following steps for instructions to upload an SSL certificate to Amazon Web Services (AWS) HTTPS Load Balancer's Identity and Access Management (IAM) services.

 

Prerequisites:

AWS requires that the Private Key (which was created during the CSR generation) file NOT be protected with a pass phrase/password.

If the Private Key file was created without a passphrase, proceed to Step 1.

If the Private Key file was created with a pass phrase, using OpenSSL, run the following command line against that Private Key file to remove the pass phrase.

openssl rsa -in original_privatekeyfile.key -out newprivatekey_filename.key


Note:  You will be prompted for the original pass phrase one last time to run this command before it will be removed.

 

Step 1:  Converting Certificate Files to PEM Formats

AWS requires that all files be in PEM formats.

First convert the Private Key file to a PEM format.  Run the following command against the Private Key file:

openssl rsa -in privatekey_filename.key -outform PEM


When issued the SSL from Thawte, there are 2 certificate files to retrieve and convert. The SSL certificate file and the Intermediate CA (also referred to as CA bundle or chain) certificate file.

Run the following command against each of these certificates separately to convert both certificate files to a PEM format:

openssl x509 -inform PEM -in sslorintermediate_filename.cer

 


Step 2:  Uploading the Certificate Files

You should now have the following files to upload, all in their PEM formats.

◦  Private Key:  Created during the CSR generation process.
◦  SSL Server certificate:  Issued by Thawte.
◦  Intermediate CA certificate:  Issued by Thawte.

Use the following command to upload these certificate files:

aws iam upload-server-certificate --server-certificate-name my-server-cert --certificate-body file://ssl_filename.pem --private-key file://privatekey_filename.pem --certificate-chain file://intermediate_filename.pem


The SSL certificate files are now uploaded to Amazon Web Services (AWS) HTTPS Load Balancer's Identity and Access Management (IAM) services.