openssl req -new -newkey rsa:2048 -nodes -keyout server-cert.key -out server-cert-sign-req.csr
# Country Name (2 letter code) [AU]:US
# State or Province Name (full name) [Some-State]:California
# Locality Name (eg, city) []:
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Great Corp Inc.
# Organizational Unit Name (eg, section) []:
# Common Name (eg, YOUR name) []:www.mycorpdomain.com
# Email Address []:[email protected]
#
# Please enter the following 'extra' attributes
# to be sent with your certificate request
# A challenge password []: <LEAVE THIS BLANK>
# An optional company name []: <LEAVE THIS BLANK>
- Upload server-cert-sign-req.csr to DigiCert
- Wait for DigiCert to tell you your cert is ready
- Download the certificate from DigiCert: "Other format" -> "A single .pem file containing all the certs"
In EC2 console:
- Create a new load balancer
- Upload private key server-cert.key and public certificate .pem to Amazon.
- Create an AWS load balancer in the EC2 panel
- Step 1) Make a name and add Load Balancer Protocol HTTPS -> HTTP
- Step 2) Upload a new SSL Certificate. Private key is contents of server-cert.key, and Public Key Certificate is contents of .pem
- Use default config (ELBSample-ELBDefaultNegotiationPolicy)
In Route 53 console:
- Create an A record and point its Alias Target to the elastic load balancer you created.
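Before pasting server-cert.key and the downloaded .pem into the load balancer form, it is worth confirming that they belong together. The script below is an added example, not part of the original post: it checks that the key, the CSR and the issued certificate carry the same public key, that the certificate covers the hostname, and that the unencrypted key is not readable by other users. The function names are illustrative, and it assumes the server certificate is the first certificate in the .pem.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): pre-upload checks for the files
# produced in the steps above. Function names are illustrative.

# SHA-256 of the public key inside a private key, CSR or certificate.
pubkey_sha256() {   # $1 = key|csr|cert   $2 = PEM file
  local pub
  case "$1" in
    key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr)  pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    # x509 reads only the first certificate in the file; assumed to be the
    # server certificate, with the CA chain after it.
    cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    return 2 ;;
  esac || return 1
  printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

check_before_upload() {   # $1 = key  $2 = CSR  $3 = issued .pem  $4 = hostname
  local k c p
  k=$(pubkey_sha256 key  "$1") || { echo "cannot read key: $1" >&2; return 1; }
  c=$(pubkey_sha256 csr  "$2") || { echo "cannot read CSR: $2" >&2; return 1; }
  p=$(pubkey_sha256 cert "$3") || { echo "cannot read certificate: $3" >&2; return 1; }

  [ "$k" = "$c" ] || { echo "CSR was not made from this key" >&2; return 1; }
  [ "$k" = "$p" ] || { echo "certificate does not match this key" >&2; return 1; }

  # The name clients connect to must be covered by the certificate.
  openssl x509 -in "$3" -noout -checkhost "$4" | grep -q 'does match' \
    || { echo "certificate does not cover $4" >&2; return 1; }

  # -nodes wrote the key unencrypted, so file permissions are all that
  # protect it: reject any group/other access bits.
  case "$(ls -ld "$1" | cut -c5-10)" in
    ------) ;;
    *) echo "key is accessible to group/other; run: chmod 600 $1" >&2; return 1 ;;
  esac
  echo "OK: key, CSR and certificate agree for $4"
}

# Run as: ./check.sh server-cert.key server-cert-sign-req.csr <downloaded .pem> www.mycorpdomain.com
if [ "$#" -eq 4 ]; then check_before_upload "$@"; fi
```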
SSL certificates can be opaque and annoying. Give yourself a pat on the back - even if it's not working yet - and take a break.
Cheers
thanks a lot