Normally you create a certificate signing request (CSR) with openssl, and the certificate signing authority returns your certificate in x509 format. AWS ELB, however, only supports a PEM-encoded key and cert. In this post I am going to talk about how to convert the key and cert to PEM-encoded format and configure an ELB with them.
1. Convert your cert to PEM-encoded format
# openssl x509 -in example.com.cert -out cert.example.com.der -outform DER
# openssl x509 -in cert.example.com.der -inform DER -out cert.example.com.pem -outform PEM
Your PEM-encoded cert will be cert.example.com.pem. You can view its content using
# cat cert.example.com.pem
2. Convert your key to PEM-encoded format
# openssl rsa -in example.com.key -out key.example.com.der -outform DER
# openssl rsa -in key.example.com.der -inform DER -out key.example.com.pem -outform PEM
Your PEM-encoded key will be key.example.com.pem. You can view its content using
# cat key.example.com.pem
3. Also convert the root chain certificate to PEM-encoded format
# openssl x509 -in chain.example.com.cert -out chain.example.com.der -outform DER
# openssl x509 -in chain.example.com.der -inform DER -out chain.example.com.pem -outform PEM
Your PEM-encoded chain cert will be chain.example.com.pem. You can view its content using
# cat chain.example.com.pem
4. Now log in to the AWS console and go to the Listeners tab on the ELB page.
5. Select HTTPS as the Load Balancer protocol and click Change under SSL Certificate.
6. Copy and paste the content of the PEM-encoded cert file.
7. Follow the same step for the key and the certificate chain.
8. You can leave the instance protocol as HTTP (80) so that you don't have to configure the key and cert on all of your web servers. ELB takes care of it.
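Before pasting the files in steps 6 and 7, it is worth checking that each one really is PEM and that the private key belongs to the certificate. The script below is an added example, not part of the original post; the function names are hypothetical and the file names follow the post.

```shell
#!/bin/sh
# Added example: sanity checks before pasting the files into the ELB form.
# Function names are hypothetical; file names follow the post.

# Print the label of the first PEM block ("CERTIFICATE", "RSA PRIVATE KEY",
# ...). Fails when the file has no PEM header, e.g. it is still DER.
pem_label() {
    label=$(tr -d '\r' < "$1" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' | head -n 1)
    [ -n "$label" ] && printf '%s\n' "$label"
}

# Return 0 when the private key belongs to the certificate, 1 when it does
# not, 2 when either file cannot be parsed. "-passin pass:" makes a
# passphrase-protected key fail instead of prompting.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# usage: check_elb_bundle cert.example.com.pem key.example.com.pem chain.example.com.pem
check_elb_bundle() {
    cert_label=$(pem_label "$1") || cert_label=none
    key_label=$(pem_label "$2") || key_label=none
    chain_label=$(pem_label "$3") || chain_label=none
    [ "$cert_label" = CERTIFICATE ] || { echo "$1: not a PEM certificate"; return 1; }
    [ "$chain_label" = CERTIFICATE ] || { echo "$3: not a PEM certificate"; return 1; }
    case $key_label in
        *"PRIVATE KEY") ;;
        *) echo "$2: not a PEM private key"; return 1 ;;
    esac
    key_matches_cert "$1" "$2" || { echo "$2 does not match $1 (or is encrypted)"; return 1; }
    echo "ok: $1, $2 and $3 are PEM and the key matches the certificate"
}

# Run the check when the script is called with the three file names.
if [ "$#" -eq 3 ]; then
    check_elb_bundle "$@"
fi
```

The private key is compared through its public half only, so the script never prints key material to the terminal.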