Amazon Web Services (AWS) offers reliable cloud computing services along with scalable and low-cost infrastructure. Organizations can immediately organize new applications and virtual servers as per business demand.
You should use SSL/TLS certificate to allocate HTTPS communications to your website or application on Amazon Web Services (AWS). Below step-by-step instruction will provide detailed information on how to install SSL certificate on AWS (Amazon Web Services) using IAM (Identity Access Management) services.
Install SSL certificate to Amazon Web Services (AWS)
1) Upload Certificate Files on IAM
You receive server certificate file from a certificate authority and you need to upload the certificate to the IAM (Identity Access Management) along with the private key and certificate chain.
2) Covert Certificate Files into .PEM Format
The certificate files that a CA sends would be in the .crt format so you have to convert those files in .PEM format. There will be three files server certificate, private key and certificate chain file.
- To convert a private key file, you can use following command in OpenSSL.
openssl rsa -in privatekey_filename.key -outform PEM
- To convert individual certificate file, you can use following OpenSSL command
openssl x509 -inform PEM -in sslorintermediate_filename.cer
Note: When you specify file values like certificate body and private key, you should start with file:// as a part of file name.
3) Upload Certificate Using AWS CLI via Command
- To upload the certificate, AWS command line interface (CLI) is used and the certificate can be uploaded with the following command.
aws iam upload-server-certificate --server-certificate-name certificate_object_name --certificate-body file://public_key_certificate --private-key file://privatekey.pem --certificate-chain file://certificate_chain_file
“certificate_object_name” refers to an own name of the certificate for easy to memorize.
4) SSL Certificate Uploaded Successfully
The SSL certificate file is now uploaded to AWS successfully.
5) Confirm the Certificate Details
- When you upload a certificate, IAM will confirm below certificate details.
- The certificate must follow X.509 PEM format.
- The current date of the certificate should be between the start and end date.
- Public/private certificate files should contain single certificate.
- Private Key should match with the certificate.
- The private key must be in PEM format and should not have an encrypted password.
6) Verify Your SSL Certificate
After uploading, you can run below command to verify the SSL certificate.
aws iam get-server-certificate --server-certificate-name certificate_object_name
The output of the above command will look like
arn:aws:iam::Your_AWS_Account_ID:server-certificate/Your_Certificate_Object_Name Certificate_Object_GUID
Your_AWS_Account_ID means unique Amazon Resource Name (ARN)
Certificate_Object_GUID means the ID of the certificate.
7) Update Certificate for HTTPS Load Balancer
To update the certificate for HTTPS load balancer, use ARN of the certificate and use the following command.
aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name my-loadbalancer --load-balancer-port 443 --ssl-certificate-id arn:aws:iam::123456789012:server-certificate/certificate_object_name
my-loadbalancer means the name of your load balancer.
Arn:aws:iam:: 123456789012 is Your_AWS_Account_ID
Check your SSL Configuration
Finally, you can test your SSL configuration using our SSL checker tool that will give you detail information of the certificate like SSL algorithm type, server type, key size, serial number, certificate issuer name, about your SSL certificate and will let you about certificate installation status.