obama

Reputation: 61

AWS security certificate

In Amazon EC2, I'm trying to create a load balancer, and I got to a step where it says that I need a certificate. It gives me three options:

1. Choose an existing certificate from AWS Identity and Access Management (cannot click on this for one reason)

2. Upload a new SSL certificate to AWS Identity and Access Management

3. Choose an existing certificate from AWS Certificate Manager

I do not know how to do anything if I choose to upload a new SSL certificate, and if I choose to choose an existing certificate from AWS manager, no certificates come up for me to choose.

I cannot skip this step. I'm trying to make an app, and this server is crucial. What do I do?

Upvotes: 0

Views: 224

Answers (2)

Michael - sqlbot

Reputation: 179384

Installing an SSL certificate on ELB without using AWS Certificate Manager can be a frustrating task for someone unfamiliar with the techniques and terminology involved in working with SSL certificates.

Certs, chains, and keys actually turn out to be pretty simple concepts but it is not easy for neophytes to find straightforward and correct answers. The initial steps, the reasons why you do them, and what observations and decisions you have to make based on various conditions you might encounter could fill an entire book. (For example, some certificate authorities send you multiple certificates for the chain, which you have to assemble in the correct order, others will actually assemble the chain for you upside down, requiring you to reassemble it correctly. You need to be able to understand this condition and sort it out. Also, the console indicates the chain is optional, but that is almost never actually true except when using a self-signed certificate for testing, and omitting it can give you the false impression that your setup is correct when, in fact, it isn't.)

Unless you use Amazon Certificate Manager (ACM, see below), it is actually beneficial, while learning, to skip this step and not enable SSL at all, when initially setting up the balancer, because you will not necessarily realize you got it wrong until the end of all the steps, when creating the load balancer fails, and you have to start over. So, do skip this step by not initially trying to set up SSL when setting up the ELB. You can go back and add it, after the balancer is created.

If working with SSL certificates is unfamiliar to you, use Amazon Certificate Manager. It's a free service, sort of a bonus for ELB or CloudFront customers, and manages all the complexity for you.

Go to ACM in the console, selecting the same AWS region where you'll be deploying ELB. Create the certificate you need, and follow through the verification steps until the certificate has been issued. Then, when setting up ELB, you will be able to choose the ACM option and select your new cert from the list, which will no longer be empty.

Upvotes: 1
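The chain-ordering problem described in the answer above (a CA bundle delivered "upside down") can be sorted out mechanically. The following is an added example, not code from the original answers: `order_chain` and `make_demo_chain` are hypothetical helper names, and the "Demo ..." certificates are constructed throwaway test data.

```sh
#!/bin/sh
# Added example. Orders by subject/issuer name only; it does not check
# signatures, so follow up with `openssl verify` on the result.

# order_chain BUNDLE: print the certificates leaf first, root last.
# Returns non-zero if the bundle is empty or holds a certificate outside the chain.
order_chain() {
  bundle=$1
  tmp=$(mktemp -d) || return 1
  # One file per certificate; text outside the BEGIN/END markers is dropped.
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/ {
      if (/BEGIN/) n++
      print > (d "/cert-" n ".pem") }' "$bundle"
  [ -e "$tmp/cert-1.pem" ] || { rm -rf "$tmp"; return 1; }
  # Index line per certificate: <subject hash> <issuer hash> <file name>
  for f in "$tmp"/cert-*.pem; do
    echo "$(openssl x509 -noout -subject_hash -in "$f")" \
         "$(openssl x509 -noout -issuer_hash -in "$f")" "${f##*/}"
  done > "$tmp/index"
  total=$(( $(wc -l < "$tmp/index") ))
  # The leaf is the certificate that no other certificate names as its issuer.
  cur=$(awk 'NR == FNR { if ($1 != $2) issuer[$2] = 1; next }
             !($1 in issuer) { print $3; exit }' "$tmp/index" "$tmp/index")
  count=0
  while [ -n "$cur" ] && [ "$count" -lt "$total" ]; do
    cat "$tmp/$cur"; count=$((count + 1))
    set -- $(grep " $cur\$" "$tmp/index")   # $1 = subject hash, $2 = issuer hash
    if [ "$1" = "$2" ]; then break; fi      # self-signed root ends the chain
    cur=$(awk -v i="$2" '$1 == i { print $3; exit }' "$tmp/index")
  done
  rm -rf "$tmp"
  [ "$count" -eq "$total" ]
}

# make_demo_chain DIR: constructed throwaway root -> int -> leaf, for testing only.
make_demo_chain() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root" \
    -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
  parent=root
  for name in int leaf; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo $name" \
      -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    openssl x509 -req -in "$dir/$name.csr" -days 1 -CAcreateserial \
      -CA "$dir/$parent.pem" -CAkey "$dir/$parent.key" -out "$dir/$name.pem" 2>/dev/null
    parent=$name
  done
}
```

The first certificate printed is the one for the certificate body field; the remaining ones, in the order printed, form the chain.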

niteshd22

Reputation: 511

You only need to upload a certificate if you are using SSL/HTTPS.
If you don't need SSL/HTTPS, use only HTTP forwarding.

Otherwise, you can generate a self-signed certificate using this command:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt  

Verify that the key and certificate are working by using these commands:

openssl rsa -in privateKey.key -check
openssl x509 -in certificate.crt -text -noout  

Now convert the files to comply with the AWS certificate requirements.

openssl rsa -in privateKey.key -text > private.pem  
openssl x509 -inform PEM -in certificate.crt > public.pem

Use the files generated above with ELB.

Upvotes: 0
