Last active
August 28, 2018 15:18
Revisions
-
marcuswestin revised this gist
Jan 14, 2014 . 1 changed file with 1 addition and 1 deletion.
@@ -5,7 +5,7 @@ # Country Name (2 letter code) [AU]:US # State or Province Name (full name) [Some-State]:California # Locality Name (eg, city) []: # Organization Name (eg, company) [Internet Widgits Pty Ltd]:Flutterby Labs, Inc. # Organizational Unit Name (eg, section) []: # Common Name (eg, YOUR name) []:www.dogo.co # Email Address []:[email protected] -
marcuswestin revised this gist
Jan 14, 2014 . 1 changed file with 30 additions and 20 deletions.
@@ -1,44 +1,54 @@ 1: Generate CSR =============== `openssl req -new -newkey rsa:2048 -nodes -keyout server-cert.key -out server-cert-sign-req.csr` # Country Name (2 letter code) [AU]:US # State or Province Name (full name) [Some-State]:California # Locality Name (eg, city) []: # Organization Name (eg, company) [Internet Widgits Pty Ltd]:Flutterby Labs Inc # Organizational Unit Name (eg, section) []: # Common Name (eg, YOUR name) []:www.dogo.co # Email Address []:administrator@dogo.co # # Please enter the following 'extra' attributes # to be sent with your certificate request # A challenge password []: <LEAVE THIS BLANK> # An optional company name []: <LEAVE THIS BLANK> 2: Upload CSR ============= - Upload server-cert-sign-req.csr to digicert as type "OTHER" - Now wait for Digicert to tell you your cert is ready... 3: Download certificate from Digicert ===================================== - Download certificate from digicert: "Other format" -> "A single .pem file containing all the certs" 4: Create SSL terminating load balancer on AWS ============================================== In EC2 console: - Create an AWS load balancer in ec2 panel + 1) Make a name and add Load Balancer Protocl HTTPS -> HTTP + 2) Upload the SSL Certificate. (Private key is `server-cert.key`, Public Key Certificate is `<file-containing-all-the-certs>.pem`) + 3) Use default config (ELBSample-ELBDefaultNegotiationPolicy) In Route 53 console: - Create an A record type point its Alias Target to the elastic load balancer created. 5: Now have a cup of tea ======================== SSL certificates can be opaque and annoying. Give yourself a pat on the back (even if it's not working yet) and take a break. When your cert expires: Update with New Certificate =================================================== First, Genereate & Upload CSR + Download new cert just like before. 
Then in aws console: - Go to ec2 -> Load Balancers -> Select your current load balancer - In details panel at bottom, select "Listeners" tab -> SSL Certificate -> (Change) link - Upload the new SSL Certificate (Private key is `server-cert.key`, Public Key Certificate is `<file-containing-all-the-certs>.pem`) Have another cup of tea ======================= Cheers! -
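Review bot: The step 1 command `openssl req -new -newkey rsa:2048 -nodes -keyout server-cert.key ...` writes the private key to disk unencrypted (`-nodes`), and nothing in the steps says how to protect or dispose of that file. Suggest adding a line after step 1 to restrict it (for example `chmod 600 server-cert.key`) and a line after the upload in step 4 saying where the key should live afterwards. In the renewal section, "just like before" reruns the same command with the same output names, so the new `server-cert.key` replaces the local copy of the key that belongs to the certificate still in service; dated file names would keep the key and certificate pairs unambiguous. Typos to fix while here: "Protocl" in step 4 and "Genereate" in the renewal section.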
marcuswestin revised this gist
Jan 13, 2014 . 1 changed file with 4 additions and 4 deletions.
@@ -17,11 +17,11 @@ Generate CSR (with example inputs provided) Upload CSR ========== - Upload server-cert-sign-req.csr to digicert as type "OTHER" - Now wait for Digicert to tell you your cert is ready... Then: Download certificate from Digicert ======================================== - Download certificate from digicert: "Other format" -> "A single .pem file containing all the certs" Create SSL terminating load balancer on AWS -
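Review bot: A verification step is missing between "Download certificate from Digicert" and "Create SSL terminating load balancer on AWS": the downloaded .pem goes straight to the upload with no check that it matches the key generated earlier. Suggest adding a bullet that compares the output of `openssl x509 -noout -modulus -in <file-containing-all-the-certs>.pem` with `openssl rsa -noout -modulus -in server-cert.key` before uploading. Style: the "Then: Download certificate from Digicert" heading reads as a leftover connective, and its underline should match the heading length.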
marcuswestin created this gist
Feb 8, 2013
@@ -0,0 +1,44 @@ Generate CSR (with example inputs provided) =========================================== `openssl req -new -newkey rsa:2048 -nodes -keyout server-cert.key -out server-cert-sign-req.csr` # Country Name (2 letter code) [AU]:US # State or Province Name (full name) [Some-State]:California # Locality Name (eg, city) []: # Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Great Corp Inc. # Organizational Unit Name (eg, section) []: # Common Name (eg, YOUR name) []:www.mycorpdomain.com # Email Address []:[email protected] # # Please enter the following 'extra' attributes # to be sent with your certificate request # A challenge password []: <LEAVE THIS BLANK> # An optional company name []: <LEAVE THIS BLANK> Upload CSR ========== - Upload server-cert-sign-req.csr to digicert - Wait for Digicert to tell you your cert is ready Download certificate from Digicert ================================== - Download certificate from digicert: "Other format" -> "A single .pem file containing all the certs" Create SSL terminating load balancer on AWS =========================================== In EC2 console: - Create new load balancer - Upload private key server-cert.key and public certificate <file-containing-all-the-certs>.pem to amazon. - Create an AWS load balancer in ec2 panel + Step 1) Make a name and add Load Balancer Protocl HTTPS -> HTTP + Step 2) Upload a new SSL Certificate. Private key is contents of server-cert.key, and Public Key Certificate is contents of <file-containing-all-the-certs>.pem + Use default config (ELBSample-ELBDefaultNegotiationPolicy) In Route 53 console: - Create an A record type point its Alias Target to the elastic load balancer created. Have a cup of tea ============= SSL certificates can be opaque and annoying. Give yourself a pat yourself on the back - even if it's not working yet - and take a break. Cheers
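Review bot: Step 1 of the load balancer section sets the listener to "HTTPS -> HTTP", which terminates TLS at the balancer and leaves the hop to the instances unencrypted, and the text does not say so. Suggest stating that trade-off next to Step 1, and giving a reason for "Use default config (ELBSample-ELBDefaultNegotiationPolicy)" or a pointer to where the protocols and ciphers it enables can be reviewed. The "In EC2 console" list also carries both "Create new load balancer" / "Upload private key server-cert.key ..." and the fuller "Create an AWS load balancer in ec2 panel" steps, which duplicate each other; keep one. Minor: "Give yourself a pat yourself on the back" has a repeated word, and the underline under "Have a cup of tea" is shorter than the heading.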