I've purchased an SSL certificate from GoDaddy. I've created a keystore file, generated a CSR file from it, sent it to GoDaddy, and received these files:
Now I am trying to create an Elastic Load Balancer in the AWS console. When asked for the certificate details, they ask for:
How do I convert the files I have to these parameters?
After your certificate request is approved, you can download your certificate from the SSL manager and install it on your Amazon Web Services (AWS) server.
For AWS ELB you need three things, as you said:
Private Key
The RSA key you generated on Linux with
# openssl genrsa -des3 -out host.key 2048
It will ask for a password; give it one for now, we will remove it later.
Public key
From your private key you first generate a CSR file, which is a Certificate Signing Request (the one you submit to the authority, in your case GoDaddy, to get the public key). You can generate the CSR file using
# openssl req -new -key host.key -out host.csr
Now you submit your CSR file to GoDaddy, and in return they provide you with two files (mydomain.crt, gd_bundle.crt). mydomain.crt is your public key.
Certificate Chain
gd_bundle.crt is the certification chain file which GoDaddy provides you with your public key. Your public key and certification chain file don't need any conversion, but for the private key file you need to remove its password and convert it into PEM with
# openssl rsa -in host.key -out private.pem
And it's all good to go for AWS. Put the private key .pem file content in the AWS private key section, put the mydomain.crt file content in the public key section, and put the gd_bundle.crt content in the certification chain section. The conversion all depends on where you are getting your certificate from. If you are getting the certificate from some other company, I recommend you follow the AWS docs.
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html
Almost two years ago exactly, but I came across this and it stumped me for a second.
The Certificate body* is the main key in the zip file; mine looks like this: f7dsdfsdf2f4e942d.crt and has only one entry.
The middle field, Certificate private key*, is the ssh private key that signed your CSR. It lives on the server that you used to create your CSR request. I found the location of mine by looking at the nginx config file and copying it to my local drive.
The last field, Certificate chain, is the file with 3 entries; mine looks like gd_bundle-g2-g1.crt.
I recently had to go through this process and none of the answers worked for me. Here are the steps that allowed me to upload a new SSL certificate to AWS (for subsequent use in ElasticBeanstalk).
Obtaining Private Key
I had to use two commands for this process:
openssl genrsa -des3 -out server.pass.key 2048
openssl rsa -in server.pass.key -out server.key
The server.key file is your Private Key.
Additionally, you can generate the CSR (Certificate Signing Request) by doing:
openssl req -nodes -new -key server.key -out server.csr
This is the file we'll use to request GoDaddy to issue our new certificate.
Obtaining Public Key
Once the certificate has been issued in GoDaddy, download it. This will give you two files, which must be bundled into one by doing:
cat yourdomain.crt gd_bundle-g2-g1.crt > combined.crt
The combined.crt would be your Public Key.
Uploading server certificate to AWS
With the server.key and combined.crt files you can now upload the certificate to AWS using the AWS CLI. You just have to use the following command:
aws iam upload-server-certificate --server-certificate-name your_certificate_name --certificate-body file://combined.crt --private-key file://server.key
If everything went well, you'll receive a response from the server:
{
    "ServerCertificateMetadata": {
        "ServerCertificateId": "ABCDEFG12345678",
        "ServerCertificateName": "certificate-name",
        "Expiration": "2018-08-26T11:59:38Z",
        "Path": "/",
        "Arn": "arn:aws:iam::1234123412:server-certificate/certificate-name",
        "UploadDate": "2017-08-26T19:53:46.989Z"
    }
}
And that’s it, you should have a new SSL certificate available to you in AWS.
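A pre-upload check for the files discussed in the answers above, added here as an example and not part of any answer: it confirms the key has no passphrase, that the key belongs to the certificate, and that the chain file begins with the certificate's issuer. The function names are made up for this example, and it assumes the `openssl` CLI is installed and that the bundle lists the issuing intermediate first.

```bash
# Added example: pre-upload checks for the key, certificate and chain files.

# True if the key file is still passphrase-protected.
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# SHA-256 of the public key inside a private key file.
# "-passin pass:" makes openssl fail instead of prompting on an encrypted key.
key_pub_digest() {
    local pub
    pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key inside a certificate (first one in the file).
cert_pub_digest() {
    local pub
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# True only if the private key belongs to the certificate.
key_matches_cert() {
    local k c
    k=$(key_pub_digest "$1") || return 1
    c=$(cert_pub_digest "$2") || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True if the first certificate in the chain file issued the certificate.
# Assumption: the bundle lists the issuing intermediate first.
chain_starts_with_issuer() {
    local want have
    want=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 1
    have=$(openssl x509 -in "$2" -noout -subject_hash 2>/dev/null) || return 1
    [ "$want" = "$have" ]
}

# preflight KEY CERT CHAIN: prints the first problem found, or "ok".
preflight() {
    key_is_encrypted "$1" && { echo "key still has a passphrase"; return 1; }
    key_matches_cert "$1" "$2" || { echo "key does not match certificate"; return 1; }
    chain_starts_with_issuer "$2" "$3" || { echo "chain does not start with issuer"; return 1; }
    echo "ok"
}
```

With the file names from the first answer this would be called as `preflight private.pem mydomain.crt gd_bundle.crt`.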