How To Install SSL Certificate on AWS (Amazon Web Services)?


This guide walks through the complete SSL certificate installation process on AWS, step by step.

The steps outlined in this guide work in most cases, but it's good to be prepared before you start. So, what do you need to install an SSL certificate on AWS? Check below.

Things You Need Before Installing an SSL Certificate on AWS

Before installing the SSL certificate on AWS, you'll need to have a few files ready. Here is a checklist of everything you need to get started with the installation procedure.

1. Server Certificate

The CA sends the server certificate for your website domain to you by email. You can also download it from the Account Dashboard.

2. Intermediate Certificate(s)

These certificate files let devices that connect to your server identify the issuing CA. They are also known as the CA Bundle, and you can find them in the ZIP folder delivered with your certificate. If you did not receive them, you can download them manually.

3. Private Key

If you used any free tool to generate your CSR, you should have the private key in your possession or on your server. It's crucial to generate the CSR and request an SSL certificate before installation. In the section below, we've outlined steps to generate CSR on AWS.
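Before uploading, it is worth confirming that the three files from the checklist above actually belong together, since a mismatched key or wrong bundle is rejected at import time. The script below is an added example, not part of the original guide; `check_tls_bundle` is a hypothetical helper name, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: pre-flight check of the three files before
# `aws acm import-certificate` / `aws iam upload-server-certificate`.
# check_tls_bundle is a hypothetical helper name; requires the openssl CLI.
# Returns: 0 ok, 2 unreadable input, 3 key/cert mismatch,
#          4 certificate expired, 5 bundle does not chain to the certificate.
check_tls_bundle() {
    cert=$1 key=$2 chain=$3

    # Extract the public key from each file. "-passin pass:" stops openssl
    # from prompting: ACM and IAM only accept an unencrypted private key,
    # so a passphrase-protected key is reported as unreadable.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $cert" >&2; return 2; }
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "cannot read private key (missing or encrypted?): $key" >&2; return 2; }

    # The key belongs to the certificate only if both public keys are identical.
    [ "$cert_pub" = "$key_pub" ] || {
        echo "private key does not match certificate" >&2; return 3; }

    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "certificate has expired" >&2; return 4; }

    # The CA bundle must contain the issuer of the server certificate.
    # -partial_chain accepts a bundle that holds intermediates only, so this
    # checks linkage to the bundle, not public trust of the root.
    openssl verify -partial_chain -CAfile "$chain" "$cert" >/dev/null 2>&1 || {
        echo "CA bundle does not chain to the certificate" >&2; return 5; }

    echo "ok: $cert, $key and $chain are consistent"
}

# Run directly as: sh check_tls_bundle.sh abc.crt abc.key abc-bundle.crt
if [ "$#" -eq 3 ]; then
    check_tls_bundle "$@"
fi
```

A non-zero exit code tells you which file to fix before running the import commands.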

Installation of SSL Certificate on AWS

Step 1: For AWS ACM (Amazon Certificate Manager)

To upload your certificate to ACM, run this command:

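# fileb:// passes the PEM files as raw bytes; AWS CLI v2 expects it for these binary (blob) parameters
aws acm import-certificate \
    --certificate fileb://abc.crt \
    --private-key fileb://abc.key \
    --certificate-chain fileb://abc-bundle.crt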

Replace 'abc' with the actual names of your files. Once the upload succeeds, the command returns an Amazon Resource Name (ARN), which you use to reference and manage your SSL certificate.

Step 2: For AWS IAM (Identity Access Manager)

To upload an SSL certificate on IAM, run this command:

aws iam upload-server-certificate \
    --server-certificate-name certificate-name \
    --certificate-body file://abc.crt \
    --certificate-chain file://abc-bundle.crt \
    --private-key file://abc.key

Replace 'abc' with the actual file names, and set the parameter values as follows:

  • Certificate Body File Parameter: Use the actual name of your main SSL certificate file.
  • Certificate Name: Use any easy-to-remember custom name. You can use any value linked with your SSL certificate or your domain name.
  • Certificate Chain File Parameter: Use the actual name of your CA bundle file.
  • Private Key File Parameter: Use your private key file name here.

Once the upload succeeds, the command displays the server certificate's metadata: its name, ARN, ID, server path, upload and expiration dates, and identifier.

Step 3: For ELB (Elastic Load Balancing)

If you're reading this section, we assume you have uploaded the certificate to ACM or IAM and now want to create or update HTTPS listeners on your existing load balancers. To install the certificate in ELB, you'll need the certificate's ARN and the existing load balancer's ARN.

→ Classic Load Balancer

To create an HTTPS listener and assign the SSL certificate to it, run this command:

aws elb create-load-balancer-listeners \
    --load-balancer-name my-load-balancer \
    --listeners "Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=ARN"

The value of ARN is your SSL certificate's ARN. If you already have an HTTPS listener, you only have to update its certificate. Do so by running this command:

aws elb set-load-balancer-listener-ssl-certificate \
    --load-balancer-name my-load-balancer \
    --load-balancer-port 443 \
    --ssl-certificate-id NewARN

The value of NewARN is your new SSL certificate's ARN (the cert you need to import).

→ Application Load Balancer

To create an HTTPS listener on the application load balancer, use this command:

aws elbv2 create-listener \
    --load-balancer-arn my-load-balancer-arn \
    --protocol HTTPS --port 443 \
    --certificates CertificateArn=my-certificate-arn \
    --default-actions Type=forward,TargetGroupArn=my-target-group-arn

So, finalize the installation, and you’re done!

Testing Your AWS SSL Installation

To test the installation, perform a browser test. Open the HTTPS version of your website domain and check that the SSL padlock appears. To view your SSL certificate's details, click on the padlock. You can also use our diagnostic SSL Checker Tool for a more in-depth evaluation.