user5209723

How to download AWS certificate to use it with NodeJS

I'm struggling with AWS to enable HTTPS systematically. I requested a certificate through the Certificate Manager, and then had the ELB and Security Group listen to HTTPS and port 443.

But I also need my server on the AWS instance to listen to HTTPS requests on port 443, right? My server is running with NodeJS and Express. From what I understood, I'd need to have a certificate (.crt) file and key to do it correctly, but I didn't find out how to download them from AWS Certificate Manager.

Has anyone faced this problem before? Thanks all!

Upvotes: 4

Views: 4622

Answers (3)

Kathy

Reputation: 419

My application's SSL certificate (running in AWS ECS) expired 2 days ago. Because that certificate is managed by ACM and cannot be downloaded and installed manually, I did the following to renew it:

  • In ACM, submit the request to renew the certificate (you need to provide an email or DNS provider to verify that this domain is owned by you). I used the email way. After validation, the certificate renewal request's status changed from 'pending' to 'issued'.

  • There is no place to download the certificate; as the answer above says, we need to use an ELB or another service to install that certificate. In the AWS console: EC2 => Load balancer => View/edit certificates => add the certificates created for that => done

Upvotes: 1

User3E

Reputation: 41

No, you cannot download the certificate; instead, you can configure your Apache. To configure HTTPS, open /etc/apache2/sites-available/default-ssl.conf and add these lines to that file.

<Location /subDomain>
  ProxyPass http://localhost:port
  ProxyPassReverse http://localhost:port
</Location>

After adding them, restart your Apache. Then open the browser and check https://yourdns.com/subDomain

Upvotes: 1

Mark B

Reputation: 200436

> I also need my server on the AWS instance to listen to HTTPS requests on port 443, right?

Nope, you enable the certificate on the ELB. SSL termination happens on the ELB, and communication between the ELB and your NodeJS server occurs over HTTP inside your VPC. The ELB will send a special HTTP header X-Forwarded-Proto to your NodeJS server, which you can check if you need to know if the connection between the ELB and the client is over HTTP or HTTPS.

You can't download certificates generated by Amazon's ACM service. You can only use them via Load Balancers or CloudFront distributions.

Upvotes: 10
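The X-Forwarded-Proto check described in Mark B's answer, as an added example that is not part of the original thread: a plain-HTTP Node.js handler behind a TLS-terminating load balancer that redirects non-HTTPS clients. `CANONICAL_HOST`, `HEALTH_PATH` and the `LISTEN_PORT` variable are hypothetical names, and the header is only trustworthy when the instance's security group admits traffic solely from the load balancer.

```javascript
// Added example (not from the thread). All names below are illustrative.
const CANONICAL_HOST = "www.example.com"; // placeholder for your public host name
const HEALTH_PATH = "/healthz";           // hypothetical health-check path

// True only when the load balancer reported an HTTPS client connection.
// Anything else (missing, "http", a joined list such as "https, http")
// is treated as not secure, so the check fails closed.
function isClientHttps(headers) {
  const raw = headers["x-forwarded-proto"]; // Node lower-cases header names
  return typeof raw === "string" && raw.trim().toLowerCase() === "https";
}

// Pure policy function: returns what to send, so it can be tested offline.
function decide(url, headers) {
  // Reject request targets that are not origin-form paths; otherwise a target
  // like "@other.example" would change the host in the redirect below.
  if (typeof url !== "string" || !url.startsWith("/")) {
    return { status: 400, headers: {}, body: "bad request target\n" };
  }
  // Assumption: health probes arrive over plain HTTP and must not be redirected.
  if (url === HEALTH_PATH) return { status: 200, headers: {}, body: "ok\n" };
  if (!isClientHttps(headers)) {
    // Redirect to a fixed host, never to the client-supplied Host header.
    const location = `https://${CANONICAL_HOST}${url}`;
    return { status: 301, headers: { Location: location }, body: "" };
  }
  return {
    status: 200,
    headers: { "Strict-Transport-Security": "max-age=31536000" },
    body: "served over TLS terminated at the load balancer\n",
  };
}

function handler(req, res) {
  const r = decide(req.url, req.headers);
  res.writeHead(r.status, r.headers);
  res.end(r.body);
}

// Start a listener only when LISTEN_PORT is set (for example LISTEN_PORT=8080);
// the load balancer's target group would point at this plain-HTTP port.
if (process.env.LISTEN_PORT) {
  require("http").createServer(handler).listen(Number(process.env.LISTEN_PORT));
}
```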
