I have a CloudFront distribution that I want to set up with SSL using a custom certificate.
We want to use an SSL cert that we already have uploaded to IAM (and we're currently using for a few ELBs), but it won't let us even select the option (the drop-down where the certs are supposed to be is empty).
Any ideas? According to the official doc this is supposed to be a valid option.
PS: we do not want to use a cert provided by the AWS cert manager.
You can't use a self-signed certificate for HTTPS communication between CloudFront and your origin.
You can't associate more than one SSL or Transport Layer Security (TLS) certificate to an individual CloudFront distribution. However, certificates provided by AWS Certificate Manager (ACM) support up to 10 subject alternative names, including wildcards.
Sign in to the AWS Management Console and open the CloudFront console at https://console.aws.amazon.com/cloudfront/v3/home . Choose the ID for the distribution that you want to update. On the General tab, choose Edit. Add your alternate domain names.
Custom certificates uploaded for ELB cannot be used for CloudFront.
So you need to upload the SSL certificate (it can be the same certificate) a second time, but slightly differently.
aws iam upload-server-certificate \
    --server-certificate-name CertificateName \
    --certificate-body file://public_key_certificate_file \
    --private-key file://privatekey.pem \
    --certificate-chain file://certificate_chain_file \
    --path /cloudfront/DistributionName/
Source: https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-custom-certificate/
Note the /cloudfront/ at the start of the --path parameter.
So, in the end, you will have two certificates stored, one to be used by ELB, one to be used by CloudFront. But they can come from the same certificate source files.
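To see why the drop-down is empty, the following added example (not part of the original answer) sorts the JSON printed by `aws iam list-server-certificates` by IAM path, since only certificates stored under /cloudfront/ are offered to CloudFront. The sample listing, certificate names and account ID are constructed placeholders.

```python
import json
import sys
from datetime import datetime, timezone

# Constructed sample shaped like `aws iam list-server-certificates` output.
SAMPLE = """{"ServerCertificateMetadataList": [
  {"ServerCertificateName": "example-elb", "Path": "/",
   "Arn": "arn:aws:iam::111122223333:server-certificate/example-elb",
   "Expiration": "2030-01-01T00:00:00Z"},
  {"ServerCertificateName": "example-cdn", "Path": "/cloudfront/example-dist/",
   "Arn": "arn:aws:iam::111122223333:server-certificate/cloudfront/example-dist/example-cdn",
   "Expiration": "2030-01-01T00:00:00Z"},
  {"ServerCertificateName": "old-cdn", "Path": "/cloudfront/old/",
   "Arn": "arn:aws:iam::111122223333:server-certificate/cloudfront/old/old-cdn",
   "Expiration": "2020-01-01T00:00:00Z"}
]}"""


def classify(listing_json, now=None):
    """Group IAM server certificates by whether CloudFront can select them."""
    now = now or datetime.now(timezone.utc)
    result = {"cloudfront": [], "elb_only": [], "expired": []}
    for meta in json.loads(listing_json)["ServerCertificateMetadataList"]:
        name = meta["ServerCertificateName"]
        # The CLI prints either a trailing "Z" or "+00:00"; normalise for fromisoformat.
        expires = datetime.fromisoformat(meta["Expiration"].replace("Z", "+00:00"))
        if expires <= now:
            result["expired"].append(name)
        elif meta["Path"].startswith("/cloudfront/"):
            result["cloudfront"].append(name)
        else:
            # Valid certificate, but stored outside /cloudfront/: re-upload with --path.
            result["elb_only"].append(name)
    return result


if __name__ == "__main__":
    # Pipe real CLI output in, or run with no input to use the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for bucket, names in classify(data).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Any certificate reported as elb_only is one that needs the second upload with a /cloudfront/ path before it appears in the CloudFront console.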