Setup SSL certificate on Amazon EC2

Posted by admin on September 5, 2016


I am using an Ubuntu-based EC2 instance, so the commands are specific to that, but the steps are mostly generic and will apply to most Linux distributions.

There are basically 4 steps for this:

1.  Create CSR

I basically used OpenSSL to generate the CSR, as it is installed by default on Ubuntu. You can go to https://www.digicert.com/easy-csr/openssl.htm to get the command to generate the CSR. Once you have the command, log in to your EC2 instance via ssh and run it. It will create 2 files, namely www_domain_com.csr and www_domain_com.key [in this case I am generating a certificate for www].

2.  Buy SSL certificate

Once you have the CSR ready you need to buy the certificate. This should generally be quick. I generally use GoDaddy as they offer huge discounts ;). Once you have bought the certificate you will get a domain.com.crt file. Please retain the key file that you generated in the CSR process (step 1).

3.  Enable HTTPS support on Apache

a. Run the command "sudo a2enmod ssl" to enable mod_ssl.

b. Then run the "sudo a2ensite default-ssl" to configure Apache2 for HTTPS.

c. After you have done this, restart Apache: "sudo /etc/init.d/apache2 restart".

HTTPS support on Apache should work now. One important point to note here (this wasted a lot of my time): you need to open port 443 in the Security Group for this server from the AWS console. Although we have not installed the certificate yet, test the site with HTTPS to ensure that you are able to access the server. Now you should be able to access the site on HTTPS.

4. Install the certificate

Now you have both the key and certificate files ready and Apache is already enabled to support HTTPS. So let's go ahead and install the newly obtained certificate files. For this you need to copy the .key file (generated while creating the CSR) to /etc/ssl/private/ and the certificate file to /etc/ssl/certs/. Then open the file /etc/apache2/sites-available/default-ssl and search for SSLCertificateFile and SSLCertificateKeyFile. Change these paths to the actual certificate and key paths and restart the Apache server.
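
A pre-install check for the files from steps 1 and 2, as an added example that is not part of the original post: it confirms that the key matches the certificate, that the certificate is not about to expire, and that the key file is not accessible to other users. The function names and the throwaway www.example.com pair are constructed for illustration; it assumes openssl and GNU stat, as on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run on the .key and
# .crt before pointing SSLCertificateKeyFile / SSLCertificateFile at them.

# Succeeds only if the certificate carries the public key of this private key.
# Empty or unreadable input counts as a mismatch.
key_matches_cert() (
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
)

# Succeeds if the certificate is still valid N seconds from now (default 30 days).
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "${2:-2592000}" >/dev/null 2>&1
}

# Succeeds if the key file grants no permissions to "other" users.
# Assumes GNU stat (stat -c), as shipped on Ubuntu.
key_not_world_accessible() (
    mode=$(stat -c '%a' "$1") || exit 1
    case "$mode" in *0) exit 0 ;; *) exit 1 ;; esac
)

# Constructed sample: throwaway self-signed pair for www.example.com in dir $1,
# valid for $2 days (default 90). Stands in for the real key and certificate.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "${2:-90}" \
        -subj "/CN=www.example.com" \
        -keyout "$1/sample.key" -out "$1/sample.crt" >/dev/null 2>&1
}

# Demo on the constructed files; substitute your own paths in real use.
demo() {
    dir=$(mktemp -d) || return 1
    make_sample_pair "$dir" || return 1
    chmod 600 "$dir/sample.key"
    key_matches_cert "$dir/sample.key" "$dir/sample.crt" && echo "key matches certificate"
    cert_valid_for "$dir/sample.crt" && echo "certificate valid for 30+ days"
    key_not_world_accessible "$dir/sample.key" && echo "key not world-accessible"
    rm -rf "$dir"
}
demo
```

Run the same functions against your own .key and .crt before restarting Apache; a mismatch usually means the certificate was issued for a different CSR than the key you kept.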

Now you are all set! :-)
