Uploading a SSL certificate in AWS is required when setting up a HTTPS load balancer or a cloudfront bucket with HTTPS support. The certificate format required by AWS is likely to differ a little bit from what an SSL provider will give you. This article explains how to convert your SSL certificate to the format expected by AWS.
1 - What you need
SSL Providers (like GoDaddy) usually provide three things when generating a SSL certificate:
- somedomain.key: this is the private key
- somedomain.crt: this is the public certificate
- provider_bundle.crt: this is the SSL provider bundle (public certificate signing your SSL certificate)
On the other side, AWS expects three things:
- Private Key in pem format
- Public Key Certificate in pem format
- Certificate chain in pem format: this is the bundle provided by your provider
2 - Installing the certificate on the ELB
Requirement
You need to have openssl installed on your computer
Let's convert the private key into PEM format
openssl rsa -in somedomain.key -outform PEM -out somedomain.key.pem
That's pretty much it!
Now upload the content of each file as directed:
- Upload content of somedomain.key.pem to Private Key
- Upload content of somedomain.crt to Public Key Certificate
- Upload content of provider_bundle.crt to Certificate Chain
Example below while setting up a AWS Load Balancer: