harlyluyar

Reputation: 41

About creating an SSL certificate for MUP on AWS EC2

I deployed my Meteor with MUP on AWS EC2 Ubuntu, and it is working now. I ran into a problem adding an SSL certificate while following MUP's instructions on SSL.

When trying to get ssl.pem, it says we can follow this guide: "Check this guide to do that" http://alexnj.com/blog/configuring-a-positivessl-certificate-with-stud.html

I have a few problems here:

(1) My certificate was bought from namecheap.com, and they sent me four crt files:

• Root CA Certificate - AddTrustExternalCARoot.crt
• Intermediate CA Certificate - COMODORSAAddTrustCA.crt
• Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
• Your PositiveSSL Certificate - www_mydomain_com.crt

Besides the above four files, I have my own private key file.

But according to http://alexnj.com/blog/configuring-a-positivessl-certificate-with-stud.html, I need 3 files instead:

<1> Domain certificate;
<2> Intermediate certificates (in our case, the PositiveSSL CA)
<3> Root CA

I am confused about which 3 of the 4 files from namecheap.com correspond to the required 3 files.

(2) For the stud command mentioned, "stud /opt/stud/certs-assembly/bundle.pem -u nobody", should I run it locally or on AWS EC2? My Mac does not have stud, so I would need to install it.

(3) Some people mention the private key needs to be decrypted. Can someone confirm this?

Hope to get some help soon on this.

Upvotes: 2

Views: 501

Answers (1)

harlyluyar

Reputation: 41

Finally resolved the problem.

When generating ssl.pem, do not completely follow the guide mentioned in the mup doc. That guide is outdated.

The whole process is as follows:

  1. Create an AWS Ubuntu EC2 instance. Note the user is ubuntu, not ec2-user.

  2. Get the certificate:

    • First you need to generate a CSR file and the private key AWSuse openssl, so follow: https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1/19/csr-generation-using-openssl-apache-wmod_ssl-nginx-os-x

    • Then purchase an SSL certificate.

    • Then generate an SSL certificate from your SSL provider's UI.

    • It will then ask you to provide the CSR file. Upload the CSR file we've generated. Only the CSR, no private key.

    • When asked to select your SSL server type, select nginx.

    • Then you'll get a set of files (your domain certificate and CA files).

    I bought an SSL certificate from namecheap and got four files in one .zip:

    • Root CA Certificate - AddTrustExternalCARoot.crt
    • Intermediate CA Certificate - COMODORSAAddTrustCA.crt
    • Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
    • Your PositiveSSL Certificate - www_carllo_us.crt

  3. Get ssl.pem:

    cat www_domain_com.crt ComodoRSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt private.key >> ssl.pem

  4. Set mup.json:

    "env": {
      "ROOT_URL": "https://domain.com"
    },
    "ssl": {
      "pem": "carllous-bundle.pem"
    },

  5. Mup setup

Done

Upvotes: 2
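
A sanity check for the bundle assembled in the answer above, as an added example that is not part of the original answer or of MUP. It checks the block layout the `cat` command is meant to produce, flags a passphrase-protected key (question 3; the assumption is that the server starts unattended and cannot prompt for a passphrase), and uses `openssl` to confirm the key belongs to the first certificate. The function names and the `check_bundle.sh` file name are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): sanity-check an ssl.pem bundle.

# pem_layout FILE: summarize the PEM blocks, in file order.
pem_layout() {
  awk '
    /^-----BEGIN CERTIFICATE-----/            { certs++; last = "cert" }
    /^-----BEGIN (RSA |EC )?PRIVATE KEY-----/ { keys++; last = "key" }
    /^-----BEGIN ENCRYPTED PRIVATE KEY-----/  { keys++; enc = 1; last = "key" }
    /^Proc-Type: 4,ENCRYPTED/                 { enc = 1 }  # legacy encrypted key
    # cat of a file with no trailing newline glues END and BEGIN on one line
    /-----END [A-Z ]+-+BEGIN /                { glued = 1 }
    END { printf "certs=%d keys=%d encrypted=%d key_last=%d glued=%d\n",
                 certs, keys, enc, (last == "key"), glued }
  ' "$1"
}

# key_matches_leaf FILE: 0 if the private key belongs to the FIRST certificate,
# 1 if it does not, 2 if openssl could not read a certificate or key.
key_matches_leaf() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  # -passin pass: makes an encrypted key fail instead of prompting
  key_pub=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# check_bundle FILE: layout check first, then the key/certificate match.
check_bundle() {
  local layout
  layout=$(pem_layout "$1")
  echo "$layout"
  case "$layout" in
    "certs=0 "*) echo "FAIL: no certificate block found" >&2; return 1 ;;
    *" keys=1 encrypted=0 key_last=1 glued=0") ;;
    *) echo "FAIL: want certificates, then one unencrypted key" >&2; return 1 ;;
  esac
  key_matches_leaf "$1" || { echo "FAIL: key does not match first certificate" >&2; return 1; }
  echo "OK: layout and key match"
}

# Run against a file when one is given, e.g.: ./check_bundle.sh ssl.pem
if [ -n "${1:-}" ]; then check_bundle "$1"; fi
```

For the bundle in the answer, the expected summary line is `certs=4 keys=1 encrypted=0 key_last=1 glued=0`.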
