MikiBelavista

Reputation: 2758

How to install SSL Certificate on AWS EC2 Instance?

I posted a question yesterday, How to copy SSL to EC2. This is what I am supposed to do:

You can connect to your Zeppelin notebook using an HTTPS URL. This requires a Secure Sockets Layer (SSL) certificate on your Amazon EC2 instance. The notebook server must provide web browsers with a certificate to validate its authenticity and to allow encrypted traffic for sensitive data such as passwords.
If you have an SSL certificate from a certificate authority (CA), copy your SSL certificate key store onto the Amazon EC2 instance into a path that the ec2-user has write access to, such as /home/ec2-user/.

I copied server.crt, but I cannot make a connection from my Mac OS to the EC2 instance. I will repeat the steps:

  1. Generated a private key and certificate signing request
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
# strip the passphrase to produce server.key, which the following commands read
openssl rsa -passin pass:x -in server.pass.key -out server.key
openssl req -new -key server.key -out server.csr
  2. Generated a self-signed SSL certificate
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

My next steps:

scp -i sparktest.pem server.crt ec2-34-245-107-45.eu-west-1.compute.amazonaws.com

 ssh -i sparktest.pem ec2-34-245-107-45.eu-west-1.compute.amazonaws.com

[email protected]: Permission denied (publickey).

EC2 was created with CloudFormation.

Why did I get permission denied? What should I check?

Upvotes: 0

Views: 1103

Answers (2)

PMah

Reputation: 738

You are missing a username for the destination.

Instead of having just ec2-ip-address.eu-west-1.compute.amazonaws.com, you need [email protected] (in both ssh and scp commands).

Without ec2-user, it will log in as your local username, which is not what you want!

Upvotes: 1

Chris Williams

Reputation: 35258

The permission denied could be for a number of reasons. Check the following:

  • The sparktest.pem file has a public key added to the authorized_keys folder. This will be added automatically if this is the key attached to your instance.
  • The pem is for the user you’re trying to connect to on the host. You appear to be trying to connect to a user name milenko.
  • The permissions of the key should be 400 with the user you’re running the command as, as the current user.

Upvotes: 1
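
The local checks from the two answers above (login user in the destination, private key file mode), as an added shell example that is not part of the original posts. The function names and the host `ec2-host.example.com` are assumptions made for illustration; `ec2-user` is the account named in the quoted documentation.

```shell
#!/bin/sh
# Added example: local preflight for "Permission denied (publickey)".
# Function names are hypothetical; nothing here contacts the instance.

# Print the account ssh/scp will log in as for a destination string:
# the part before "@", or the local username when no user is given
# (the ssh default when ssh_config sets no User for the host).
ssh_login_user() {
    case "$1" in
        *@*) printf '%s\n' "${1%%@*}" ;;
        *)   id -un ;;
    esac
}

# Succeed only when group and other have no access to the key file.
# Modes 400 and 600 pass; OpenSSH ignores a private key that others can read.
# Returns 2 when the file cannot be examined.
key_mode_ok() {
    km_mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 2
    case "$km_mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Run both checks and report every finding on stderr.
# Usage: ssh_preflight KEYFILE DESTINATION
ssh_preflight() {
    pf_rc=0
    if ! key_mode_ok "$1"; then
        echo "key '$1': missing or accessible to group/other; run: chmod 400 $1" >&2
        pf_rc=1
    fi
    case "$2" in
        *@*) ;;
        *)  echo "no user in '$2': login would be '$(ssh_login_user "$2")', not ec2-user" >&2
            pf_rc=1 ;;
    esac
    return "$pf_rc"
}

# Example call (constructed host name):
#   ssh_preflight sparktest.pem ec2-user@ec2-host.example.com
```

Whether the key pair matches the instance's authorized_keys entry can only be confirmed against the instance itself, so that check is not covered here.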
