This installation guide will help you learn the complete SSL certificate installation process on AWS in a step-by-step manner. Get a comprehensive and in-depth overview of how to install SSL certificates on AWS here. So, read till the end.
Nevertheless, the steps outlined in this SSL installation guide work in most instances. But it’s good to be prepared before you start with the installation. So, what do you need to install an SSL certificate on AWS? Check below.
Things You Need Before Installing an SSL Certificate on AWS
Before installing the SSL certificate on AWS, you’ll have to prepare and be ready with some files. Here is a checklist of all the things you need to get started with the installation procedure.
1. Server Certificate
The CA sends the server certificate for your website domain to you by email. You can also download it from the Account Dashboard without any hassle.
2. Intermediate Certificate(s)
These certificate files let devices that connect to your server identify the issuing CA. Also known as the CA Bundle, they come in the same ZIP folder as the certificate you received. If you did not receive them, you can download them manually.
3. Private Key
If you used any free tool to generate your CSR, you should have this in your possession or on your server. It’s crucial to generate a CSR and request an SSL certificate before installation. In the section below, we’ve outlined steps to generate a CSR on AWS.
When requesting an SSL certificate, you’ll be asked to generate a CSR and send it to the Certificate Authority. Generating a CSR is crucial, as it contains all your organization or website info and is created along with the private key. One of the simplest and fastest ways to generate a CSR is using our free CSR generator tool.
To upload your certificate to ACM, run this command:
aws acm import-certificate --certificate fileb://abc.crt --private-key fileb://abc.key --certificate-chain fileb://abc-bundle.crt
Simply replace ‘abc’ with the real names of your files. Once the upload succeeds, the command returns an Amazon Resource Name (ARN). This will allow you to handle and organize your SSL certificate seamlessly.
To upload an SSL certificate on IAM, run this command:
aws iam upload-server-certificate --server-certificate-name certificate-name --certificate-body file://abc.crt --certificate-chain file://abc-bundle.crt --private-key file://abc.key
Simply replace the ‘abc’ with actual file names and interchange the bolded values with the following:
Once you upload the cert successfully, the screen will display a server cert metadata comprising its name, ARN, ID, server path, upload and expiration date, and identifier.
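Both upload commands above take the same three PEM files, so it pays to check them before running either one. The script below is an added example, not part of the original guide or of any AWS tooling: it confirms that each file holds what it should, that the private key is not passphrase-protected (ACM only imports unencrypted keys), and that no key material has slipped into a certificate file. The function names, the choice of checks and the sample blocks are assumptions of this example; the samples are constructed placeholders, not real certificates or keys.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Parse PEM text into (label, header_lines, der_bytes) tuples."""
    blocks = []
    for label, body in PEM_RE.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        headers = [ln for ln in lines if ":" in ln]  # e.g. "Proc-Type: 4,ENCRYPTED"
        b64 = "".join(ln for ln in lines if ":" not in ln)
        blocks.append((label, headers, base64.b64decode(b64, validate=True)))
    return blocks

def preflight(cert_pem, key_pem, chain_pem):
    """Return a list of problems; an empty list means the three files are well formed."""
    try:
        cert, key, chain = (pem_blocks(t) for t in (cert_pem, key_pem, chain_pem))
    except ValueError:  # binascii.Error is a ValueError subclass
        return ["a PEM block contains invalid base64"]
    problems = []
    if [b[0] for b in cert] != ["CERTIFICATE"]:
        problems.append("certificate file must hold exactly one CERTIFICATE block")
    if len(key) != 1 or not key[0][0].endswith("PRIVATE KEY"):
        problems.append("key file must hold exactly one PRIVATE KEY block")
    elif key[0][0].startswith("ENCRYPTED") or any("ENCRYPTED" in h for h in key[0][1]):
        problems.append("private key is passphrase-protected; decrypt it before import")
    if not chain or any(b[0] != "CERTIFICATE" for b in chain):
        problems.append("chain file must hold only CERTIFICATE blocks (at least one)")
    if any("PRIVATE KEY" in b[0] for b in cert + chain):
        problems.append("private key material found in a certificate file")
    if cert and any(b[2] == cert[0][2] for b in chain):
        problems.append("chain file repeats the server certificate")
    return problems

def make_pem(label, payload, headers=""):
    """Build a constructed placeholder PEM block (not a real certificate or key)."""
    body = base64.encodebytes(payload).decode()
    return f"-----BEGIN {label}-----\n{headers}{body}-----END {label}-----\n"

# Constructed sample inputs standing in for abc.crt, abc.key and abc-bundle.crt
LEAF = make_pem("CERTIFICATE", b"constructed leaf")
KEY = make_pem("PRIVATE KEY", b"constructed key")
CHAIN = make_pem("CERTIFICATE", b"constructed intermediate")
ENC_KEY = make_pem("RSA PRIVATE KEY", b"constructed key", "Proc-Type: 4,ENCRYPTED\n\n")

if __name__ == "__main__":
    print(preflight(LEAF, KEY, CHAIN))             # well-formed set
    print(preflight(LEAF, ENC_KEY, LEAF + CHAIN))  # encrypted key, leaf repeated in chain
```

To use it on real files, read abc.crt, abc.key and abc-bundle.crt as text and pass their contents to preflight(). It checks structure only and does not verify that the key matches the certificate.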
If you’re reading this section, we assume that you have uploaded the certificate to either ACM or IAM. Now you want to update or create HTTPS listeners on your current load balancers. To install the certificate in ELB, you’ll require the certificate’s ARN and the existing load balancer’s ARN.
To create an HTTPS listener and assign the SSL certificate to it, run this command:
aws elb create-load-balancer-listeners --load-balancer-name my-load-balancer --listeners "Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=ARN"
The value of ARN is your SSL certificate’s ARN. However, you may already have an HTTPS listener. In that case, you’ll only have to update the certificate. Do so by running this command:
aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name my-load-balancer --load-balancer-port 443 --ssl-certificate-id NewARN
The value of NewARN is your new SSL certificate’s ARN (the cert you need to import).
To create an HTTPS listener on the application load balancer, use this command:
aws elbv2 create-listener --load-balancer-arn my-load-balancer-arn --protocol HTTPS --port 443 --certificates CertificateArn=my-certificate-arn --default-actions Type=forward,TargetGroupArn=my-target-group-arn
So, finalize the installation, and you’re done!
To test the installation, perform a browser test. Browse to the HTTPS version of your website domain and check whether the SSL padlock appears. To view your SSL certificate’s info, click on the padlock. You can also use our diagnostic SSL Checker Tool to perform a more in-depth evaluation.