
AWS set https SSL on Load Balancer Listener

I have an AWS ELB on http and it works fine.

Now I want to add an https listener and AWS requires an SSL:


I have an SSL certificate on my server and I don't know where the Private Key\Public Key Certificate are there.

I have read other Stack Overflow questions about it and I saw that you should use OpenSSL to convert the certificate to PEM, but I can't understand where the Private Key\Public Key Certificate are there, which I should convert to PEM.

Could you please help me understand how to get those PEMs from my server's certificate?

Misha Zaslavsky asked Oct 22 '25 14:10


2 Answers

You can follow below steps for this:-

For this you can do the following:-

1. Create an SSL private key using OpenSSL.

sudo openssl genrsa -out your-private-key-name.pem 2048

2. Next, create a CSR key using OpenSSL.

openssl req -sha256 -new -key your-private-key-name.pem -out csr.pem

The system will ask for some details, like your country, city, company name etc. Fill in those details.

3. These steps will result in two .pem files.

4. Now, while generating your SSL certificate from your SSL provider (GoDaddy), generate the SSL certificate using the csr.pem contents.

5. After verification, you will be provided with your SSL certificate (.crt) files. [Generally, two .crt files]

6. Now, you have to configure this configuration onto the AWS server.

7. Open the form (for which you have posted the screenshot).
    a. For the private key section, paste the contents of your-private-key-name.pem
    b. Open one of the .crt files with a text editor. If this has only one set of
    -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
    paste it in the Public Key Certificate section.
    c. If the .crt file has multiple sets of
    -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
    paste it in the Certificate Chain section.

Now that you have entered your Private Key, Public Key and Certificate Chain, AWS should not give any error.

NOTE: Do not copy the contents of the .pem and .crt files directly from Linux (vi editor). Open the files in Windows and then paste the contents into the AWS form.

Hope that helps.

Monis answered Oct 25 '25 07:10
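
A pre-upload check for the procedure in the answer above, as an added example that is not part of the original post: it confirms that the private key and a .crt file belong together and identifies which .crt holds the server certificate. The function names, the `-subj` values and the throwaway CA standing in for the SSL provider are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original answer). Names, subjects and the
# throwaway CA are constructed for the demo.

# True when private key $1 and the first certificate in $2 share a public key.
key_matches_cert() {
  _k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  _c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# Number of BEGIN CERTIFICATE blocks in a file (1 = single cert, >1 = bundle).
cert_count() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true; }

# pick_leaf KEY FILE...: print the first file whose certificate matches KEY.
pick_leaf() {
  _key=$1; shift
  for _f in "$@"; do
    if key_matches_cert "$_key" "$_f"; then printf '%s\n' "$_f"; return 0; fi
  done
  return 1
}

# Build constructed sample files in directory $1.
make_demo() {
  # Steps 1 and 2 of the answer; -subj is added so nothing is prompted.
  openssl genrsa -out "$1/your-private-key-name.pem" 2048 2>/dev/null
  openssl req -sha256 -new -key "$1/your-private-key-name.pem" \
    -out "$1/csr.pem" -subj "/CN=example.test"
  # Stand-in for the SSL provider: a throwaway CA signs the CSR.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  openssl x509 -req -in "$1/csr.pem" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/server.crt" 2>/dev/null
}

# Demo: sh check.sh demo
if [ "${1:-}" = demo ]; then
  d=$(mktemp -d) && make_demo "$d"
  key=$d/your-private-key-name.pem
  echo "server certificate: $(pick_leaf "$key" "$d/ca.crt" "$d/server.crt")"
  echo "certificates in ca.crt: $(cert_count "$d/ca.crt")"
  rm -rf "$d"
fi
```

A key that does not match the certificate makes `key_matches_cert` return non-zero, which is worth checking before pasting anything into the form.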


Before you get the SSL cert from GoDaddy, you have to generate a CSR file first.

Then use this link to convert it to a .PEM file: https://www.sslshopper.com/ssl-converter.html

And follow here: How to convert .crt to .pem

Thanh Nguyen Van answered Oct 25 '25 08:10