This article explains how to use a custom HTTPS domain with AWS CloudFront to expose static assets under your own domain.

1 - Context

By default, AWS CloudFront provides its own domain and its own SSL certificate. Your CloudFront URL will look like this: https://d111111abcdef8.cloudfront.net/some/asset.png

If you want to serve static assets under HTTP and HTTPS, you need to set up a CNAME pointing to this CloudFront URL and upload an SSL certificate matching the desired CNAME to CloudFront, so that AWS can use it to serve your assets.

Note that uploading a custom SSL certificate is only required if you wish to serve assets through HTTPS.

2 - Upload your SSL certificate

In order to upload an SSL certificate you need:

  • your certificate public key in PEM format (e.g. mydomain.com.crt)
  • your certificate private key in PEM format (e.g. mydomain.com.key.pem)
  • your Certificate Authority (CA) certificate chain (e.g. gd_bundle-g2-g1.crt for GoDaddy)

With these in hand, run the command below to upload your certificate to CloudFront.

    aws --profile MY-AWS-PROFILE iam upload-server-certificate \
      --server-certificate-name mydomain.com \
      --certificate-body file://mydomain.com.crt \
      --private-key file://mydomain.com.key.pem \
      --certificate-chain file://gd_bundle-g2-g1.crt \
      --path /cloudfront/


Info: The option "--profile MY-AWS-PROFILE" is required by the aws CLI to properly set your keys. See the AWS CLI documentation for more details.
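
A pre-upload check for the three files listed above, as an added example that is not part of the original article: it confirms the files are PEM, that the private key is unencrypted and readable only by its owner, that the certificate has not expired, and that the certificate and key share the same public key. The function names are hypothetical, and it assumes the openssl command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example: sanity checks before `aws iam upload-server-certificate`.
# Function names are hypothetical; requires the openssl CLI.

# Classify a PEM file by its first BEGIN header.
pem_kind() {
  local first
  first=$(grep -m1 -e '-----BEGIN ' "$1" 2>/dev/null) || { echo unknown; return 0; }
  case "$first" in
    *'BEGIN CERTIFICATE-----'*) echo cert ;;
    *'PRIVATE KEY-----'*)
      # PKCS#8 and traditional OpenSSL encrypted keys are marked differently.
      if grep -q -e 'BEGIN ENCRYPTED' -e 'Proc-Type: 4,ENCRYPTED' "$1"
      then echo encrypted-key; else echo key; fi ;;
    *) echo unknown ;;
  esac
}

# The private key should be readable by its owner only (mode 600 or 400).
key_perms_ok() {
  local mode
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null)
  [ "$mode" = 600 ] || [ "$mode" = 400 ]
}

# Certificate and key belong together when their public keys are identical.
cert_matches_key() {
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# usage: preflight CERT KEY CHAIN
preflight() {
  [ "$(pem_kind "$1")" = cert ] || { echo "not a PEM certificate: $1" >&2; return 1; }
  [ "$(pem_kind "$2")" = key ] || { echo "need an unencrypted PEM key: $2" >&2; return 1; }
  [ "$(pem_kind "$3")" = cert ] || { echo "chain is not PEM: $3" >&2; return 1; }
  key_perms_ok "$2" || { echo "key permissions too open: chmod 600 $2" >&2; return 1; }
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
    { echo "certificate has expired: $1" >&2; return 1; }
  cert_matches_key "$1" "$2" || { echo "certificate and key do not match" >&2; return 1; }
}

# e.g. ./preflight.sh mydomain.com.crt mydomain.com.key.pem gd_bundle-g2-g1.crt
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Run it before the upload command; a non-zero exit status names the file that needs attention.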


3 - Using your CloudFront certificate

Once your certificate has been uploaded, you can go into the AWS CloudFront portal, edit your CloudFront distribution and configure it to use your custom domain and certificate. Following the example above, your certificate will be named mydomain.com (certificate name).