Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

elasticbeanstalk ssl without custom domain

Tags:

I'm trying to enable SSL on a Token Vending Machine hosted on Amazon Elastic Beanstalk. However, it tells me I need an SSL certificate if I try to enable a port 443 listener.

This would make sense if I had my own domain, but this is a system machine giving out tokens to a mobile app. The URL is of the form mytvm.elasticbeanstalk.com and will never be seen by an end user so there's no need to get a custom domain.

Is it possible to enable SSL without the hassle of setting it up on a custom domain name? Pretty much every host I've used before had a wildcard SSL certificate for stuff you ran on a subdomain of their main host. In other words I would expect Amazon to have had setup a wildcard certificate for *.elasticbeanstalk.com. Is this not the case?

like image 218
houbysoft Avatar asked Aug 16 '13 23:08

houbysoft


People also ask

How do I enable SSL on Elastic Beanstalk?

To do this, navigate to the Configuration Tab of your Elastic Beanstalk App. There should be a new card labelled Load Balancer. In order to add the certificate, we'll need to open up port 443 (SSL Port) and assign our certificate.


1 Answers

The name of your app can be your 'custom domain', i.e, mytvm.elasticbeanstalk.com.

If you are using a load-balancer with your elastic beanstalk application you can make use the directions here and use openssl to create your own cert. When you've installed openssl and the elastic beanstalk command line interface you can follow the steps by entering your domain name as 'mytvm.elasticbeanstalk.com'

Using the following commands:

C:\>openssl genrsa 1024 > privatekey.pem Loading 'screen' into random state - done Generating RSA private key, 1024 bit long modulus....  C:\>openssl req -new -key privatekey.pem -out csr.pem Loading 'screen' into random state - done You are about to be asked to enter information that will be incorporated....  Country Name (2 letter code) [AU]:us State or Province Name (full name) [Some-State]:yourstate Locality Name (eg, city) []:cityname Organization Name (eg, company) [Internet Widgits Pty Ltd]:youname Organizational Unit Name (eg, section) []: your Common Name (e.g. server FQDN or YOUR name) []:**mytvm.elasticbeanstalk.com** ...  C:\>openssl x509 -req -days 365 -in csr.pem -signkey privatekey.pem -out server.crt  C:\>iam-servercertupload -b server.crt -k privatekey.pem -s server -v 

Next change your setting to use 443.

like image 169
onlymybest Avatar answered Dec 31 '22 15:12

onlymybest