AWS – add wildcard SSL certificate to ELB
In this tutorial we assume that you are using COMODO SSL certificate (wildcard or not)
Create on Linux server the “server and private key” – this is the request file.
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr.
Go to Certificate vendor site and paste the server.csr (the request file)
Get the widlcard certificate files. (sometimes it includes a bundle file and some not)
Convert your keys to PEM:
openssl rsa -in server.key -text > private.pem openssl x509 -inform PEM -in server.crt > public.pem
Build a bundle file that contains all intermediate certificates: (this is the Certificate chain)
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > PositiveSSL.ca-bundle[//shell]
Using the AWS Management Console
To update an SSL certificate for an HTTPS load balancer
- Sign in to the AWS Management Console and open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
- On the Amazon EC2 console Resources page, in the EC2 Dashboard pane, under NETWORK & SECURITY, click Load Balancers.
- On the Load Balancers page, select your load balancer.
- The bottom pane displays the details of your load balancer.
- Click the Listeners tab.
- In the Listeners pane, click Change in the SSL Certificate column of the certificate you want to update.
- On the Select Certificate page, select Choose from an existing SSL Certificates if you have already uploaded your SSL certificate using IAM. Click the Certificate Name: dialog box and select your certificate. Click Save.
- Or, select Upload a new SSL Certificate if you have an SSL certificate and want to upload it.
Before you upload, ensure that your certificate meets the criteria described in Upload the Signed Certificate
If your certificate does not meet the criteria listed in this step, you might get an error when you upload it. Create a new SSL certificate and upload the certificate using AWS Identity and Access Management (IAM). For instructions on creating and uploading the SSL certificate, see SSL Certificate for Elastic Load Balancing.
Step through the following instructions to continue uploading your SSL certificate.
- Enter the name of the certificate to upload.
- Copy and paste the contents of the private key file (PEM-encoded) in the Private Key box.
The private key cannot be retrieved after you are finished uploading it.
- Copy and paste the contents of the public key certificate file (PEM-encoded) in the Public Key Certificate box.
- You can skip this step if you are using a self-signed certificate and it’s not important that browsers implicitly accept the certificate.
If you are not using self-signed certificate, copy and paste the contents of the public key certificate chain file (PEM-encoded) in the Certificate Chain box.
The certificate chain must be ordered such that the root certificate is the last certificate in the chain. If you use a certificate chain in a different order, you will receive an error.
- Click Save.
Update all Load balancers with new certificate: