openssl req -new -newkey rsa:2048 -nodes -keyout server-cert.key -out server-cert-sign-req.csr
# Country Name (2 letter code) [AU]:US
# State or Province Name (full name) [Some-State]:California
# Locality Name (eg, city) []:
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Flutterby Labs, Inc.
# Organizational Unit Name (eg, section) []:
# Common Name (eg, YOUR name) []:www.dogo.co
# Email Address []:[email protected]
#
# Please enter the following 'extra' attributes
# to be sent with your certificate request
# A challenge password []: <LEAVE THIS BLANK>
# An optional company name []: <LEAVE THIS BLANK>
- Upload server-cert-sign-req.csr to DigiCert as type "OTHER"
- Now wait for DigiCert to tell you your cert is ready...
- Download certificate from DigiCert: "Best format for" > "Apache"
- Unzip the folder and move your previously generated server-cert.key to this folder
- Upload the certificate:
aws iam upload-server-certificate --server-certificate-name server-name-certificate_22-JUN-2016 --certificate-body file://server-name-certificate.crt --private-key file://server-cert.key --certificate-chain file://DigiCertCA.crt
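Before uploading, it helps to confirm that the certificate DigiCert returned was issued for server-cert.key and is not close to expiry; the same check applies when renewing. This is an added example, not part of the original post: the function names are made up here, and the sample pair it can generate is a constructed throwaway with a placeholder CN.

```shell
#!/usr/bin/env bash
# Added example: pre-upload checks for the files named in the steps above.

# Public key (PEM, SubjectPublicKeyInfo) carried by a certificate or a private key.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pubkey()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Succeeds only if the certificate was issued for this private key.
# A missing or unparsable file is a failure, never a match.
cert_matches_key() {
    cmk_cert=$(cert_pubkey "$1") || return 2
    cmk_key=$(key_pubkey "$2") || return 2
    [ -n "$cmk_cert" ] && [ "$cmk_cert" = "$cmk_key" ]
}

# Succeeds only if the certificate is still valid N days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run both checks; print one line per result, return non-zero on any failure.
# usage: preflight <cert> <key> [min-days, default 30]
preflight() {
    pf_rc=0
    if cert_matches_key "$1" "$2"; then echo "OK   key matches certificate"
    else echo "FAIL key does not match certificate"; pf_rc=1; fi
    if cert_valid_for_days "$1" "${3:-30}"; then echo "OK   valid for ${3:-30}+ days"
    else echo "FAIL expires within ${3:-30} days"; pf_rc=1; fi
    return "$pf_rc"
}

# Constructed sample input: throwaway key + self-signed cert (placeholder CN).
# usage: make_sample_pair <dir> <name> <days>
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# With the file names used in this post:
#   preflight server-name-certificate.crt server-cert.key 30
```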
In EC2 console:
- Create an AWS load balancer in EC2 panel
- Make a name and add Load Balancer Protocol HTTPS > HTTP
- Select existing SSL
- Use default config (ELBSample-ELBDefaultNegotiationPolicy)
First, generate and upload the CSR and download the new cert just like before. Then in the AWS console:
- Go to EC2 > Load Balancers > Select your current load balancer
- In details panel at bottom, select "Listeners" tab > SSL Certificate > (Change) link
- Upload the new SSL Certificate (Private key is server-cert.key, Public Key Certificate is <file-containing-all-the-certs>.pem)
Cheers!