Self-signed SSL wildcard certificate for ELB

Place each set of SSL files in its own per-domain directory; at the end, that directory will contain the newly created .cert, .key, .pem and .info files.

#openssl genrsa 2048 > host.key
#openssl req -new -x509 -nodes -sha256 -days 3650 -key host.key > host.cert

Enter subdomain.domain.com for Common Name. It's the 6th option in the dialog.
All other options can be left blank to accept the defaults.
For a wildcard SSL certificate, enter *.domain.com as the Common Name.

#openssl x509 -noout -fingerprint -text < host.cert > host.info
#cat host.cert host.key > host.pem
#chmod 400 host.key host.pem
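
The steps above as a non-interactive script, with a check that host.key and host.cert belong together before they are uploaded to the ELB. This is an added example, not code from the original post; the function names and the example.test domain are assumptions, and it signs with SHA-256.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): scripted version of the steps
# above, plus a check to run before pasting the files into the ELB dialog.
# The domain "example.test" and the function names are assumptions.

# make_selfsigned CN DIR: create host.key, host.cert, host.info, host.pem in DIR.
make_selfsigned() {
    local cn="$1" dir="$2"
    mkdir -p "$dir" || return 1
    (
        umask 077   # key is never group/world readable, even before chmod
        openssl genrsa -out "$dir/host.key" 2048 2>/dev/null &&
        openssl req -new -x509 -nodes -sha256 -days 3650 \
            -key "$dir/host.key" -subj "/CN=$cn" -out "$dir/host.cert" &&
        openssl x509 -noout -fingerprint -text \
            -in "$dir/host.cert" > "$dir/host.info" &&
        cat "$dir/host.cert" "$dir/host.key" > "$dir/host.pem" &&
        chmod 400 "$dir/host.key" "$dir/host.pem"
    )
}

# check_pair CN DIR: return 0 if DIR/host.key and DIR/host.cert belong together.
#   1 = file unreadable or not valid PEM   2 = key does not match certificate
#   3 = Common Name is not CN              4 = SHA-1 or MD5 signature
check_pair() {
    local cn="$1" dir="$2" key_pub cert_pub subject sigalg
    key_pub=$(openssl pkey -in "$dir/host.key" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$dir/host.cert" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ] || return 2

    subject=$(openssl x509 -in "$dir/host.cert" -noout -subject -nameopt RFC2253)
    case "$subject" in
        *"CN=$cn") ;;
        *) return 3 ;;
    esac

    sigalg=$(openssl x509 -in "$dir/host.cert" -noout -text |
             awk '/Signature Algorithm/ { print $3; exit }')
    case "$sigalg" in
        sha1*|md5*) return 4 ;;
    esac
    return 0
}
```

For example, make_selfsigned '*.example.test' ./example.test followed by check_pair '*.example.test' ./example.test returns 0 when the pair is ready to paste.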

Enable SSL on ELB

The Amazon Web Services console lets you go right to an ELB (in the EC2 section under “Load Balancers”). When you click on an ELB, you get its properties in the bottom pane. Click on the Listeners tab to see all the ports that are currently enabled. The last row is reserved so that you can add new ports. If you change the first drop-down to HTTPS, the entire row changes so you can enter the appropriate information.

Amazon Web Services ELB listeners

In this dialog, the load balancer protocol and port are set to HTTPS and 443, respectively. The instance protocol and port are still set at HTTP and 80, meaning that the ELB will talk HTTP to all of its instances.

Of course, HTTPS is useless without a valid certificate so that web browsers can verify the site.

Uploading certificates to an ELB

When you click on the Select link to specify an SSL certificate, you get the following dialog.

The dialog asks you to enter four pieces of information:
Certificate Name – The name you want to use to keep track of the certificate within the AWS console.
Private Key – The key file you generated as part of your request for certificate. (paste host.key content)
Public Key Certificate – The public facing certificate provided by your certificate authority. (paste host.cert content)
Certificate Chain – An optional group of certificates to validate your certificate.

Providing the certificate name is pretty straightforward; it can be anything you want. The name itself is just so you can keep track of it and has no other value.

Once uploaded, go back to the ELB console, add the HTTPS port, select the recently added SSL certificate from the drop-down list and save.
Done!
