Khant Thu Linn

Reputation: 6143

Upload correct certificate to AWS for https

I am new to AWS and have only a little knowledge of SSL. I have already bought a certificate for SSL, and the files look like this (file names). I bought it from sslcertificate.com.

enter image description here

But in the AWS panel, I saw fields like this for entering the PEM values.

enter image description here

I am not sure which crt file I need to use. Do I need to use the CSR file as well (the one that I used to get the crt file)?

Upvotes: 1

Views: 93

Answers (2)

JaredHatfield

Reputation: 6671

To upload your own certificate to AWS Certificate Manager you need to provide three pieces.

Certificate Body

This is the certificate that was provided to you from your certificate authority that they have signed. This is the certificate that is unique to your website. This is what is returned to browsers when they make requests so this information is public.

In this case it is the www_test_io.crt file.

Certificate Private Key

The private key is something that you should have generated when you requested a certificate. This information must be kept secret. Keeping this secret is the key (pun intended) to how the connection is secured. Once you provide this to AWS, they will never give it back to you, so you may want to keep this safe on your own.

Your private key may be password protected; if it is, you will have to use a command-line tool to remove the password before you upload it here.

In this case the file that contains the private key was not listed, but this key is mandatory for you to be able to upload the certificate.

Certificate Chain

The certificate chain consists of the certificates that are "in-between" your certificate and the root certificate. All of this information is public, the same as your certificate. There may be zero, one, or multiple certificates in the chain. The chain is required so that clients can tie your certificate back to a root that they trust. It is possible that not specifying a chain may work on some clients but not others, so it is best to get this correct for compatibility reasons.

In this specific case you would want to put the content of the following two files in this order:

  • COMODORSADomainValidationSecureServerCA.crt
  • COMODORSAAddTrustCA.crt

All you do is take the text content of the first, copy and paste it in, and then the text content of the second, and copy and paste it right below the first.

While it is possible to also include the root certificate as part of the chain, and some people do include it, it does not need to be included, and it is considered best practice not to actually include the root itself.

Upvotes: 2
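The checks below can be run before pasting the three fields into the AWS form; this is an added example, not code from either answer. The function names, the key file name `www_test_io.key` and the root file name `root.crt` are assumptions; the other file names come from the answer above.

```shell
#!/bin/sh
# Added example. Names follow the answer above; www_test_io.key and root.crt
# are assumed names for the private key and the CA's root certificate.

# ACM needs an unencrypted key. Prompts for the passphrase unless an openssl
# pass-phrase source (e.g. file:/path) is given as the third argument.
strip_passphrase() {  # strip_passphrase encrypted.key plain.key [source]
    ( umask 077 && openssl pkey -in "$1" -out "$2" ${3:+-passin "$3"} )
}

# Build the "Certificate chain" field: intermediates in the order given,
# starting with the CA that issued the site certificate. The root is left out.
build_chain() {  # build_chain chain.pem issuing_ca.crt [next_ca.crt ...]
    out=$1; shift
    : > "$out"
    for f in "$@"; do
        openssl x509 -in "$f" >> "$out" || return 1   # re-emit as clean PEM
    done
}

# The certificate body and the private key must share one public key.
key_matches_cert() {  # key_matches_cert cert.crt private.key
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Check that cert -> chain -> root links up; the root is only the local
# trust anchor here and is not uploaded.
chain_verifies() {  # chain_verifies root.crt chain.pem cert.crt
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Usage with the files from the answer:
#   build_chain chain.pem COMODORSADomainValidationSecureServerCA.crt \
#                         COMODORSAAddTrustCA.crt
#   key_matches_cert www_test_io.crt www_test_io.key && echo "key matches"
#   chain_verifies root.crt chain.pem www_test_io.crt && echo "chain ok"
```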

Rodrigo Murillo

Reputation: 13648

Paste the www_test_io.cert contents into Certificate body. Open the other 3 files and merge them into one (copy and paste them together) and paste that block into the Certificate chain.

You should have the private key, which was generated when you made the request. Paste it into Certificate private key.

Upvotes: 0
