SSL on AWS - How to install SSL certificate on Amazon web service
install SSL certificate on Amazon web service

02/07/2019 by admin with 0 comments

How to install SSL certificate on Amazon web service

Amazon web service provides a variety of hosting services that let you reach your business goals effectively. To give you crystal clear idea about the SSL installation process on Amazon Web services, we come up with this short guide that let you know what you will need and how to install SSL.


Remember, you need to install certificates on each device if you have more than one server. Hence, it is essential to consult Amazon documentation regarding configuring your SSL.


  • Server certificate: you can log in Amazon web services and visit your Account Dashboard, later you need to download it else you can get it from your domain. More than one intermediate certificateis required, which lets your device connects to your server.


  • Intermediate certificates: If you got your server certificate through ZIP folder chances are that it contains intermediate certificates. If it fails to have intermediate certificates, you need to download the CA bundle for your intermediate certificates.


  • Security key: When it comes to encrypting the source code, you need to buy a private key from the authorized Microsoft domain. If not, just try to generate it from a free generator tool.

Step 1:

Visit the official website and complete the registration process. As soon as you complete the SSL buying process, you will be notified by Certificate Authority. You have to upload the server certificate to the Identity Access Management. Additionally, add the certificate chain and private key to IAM.


Step 2:

You will get a certificate file from the Certificate Authority. It contains a private key, certificate chain file, and server certificate. Remember, the certificate Authority sends a server certificate file in the .crt format, which you have to convert into.PEM format.


To convert the files in.Crt format into.PEM format, you can use OpenSSL command.

OpenSSL rsa -in privatekey_filename.key -outform PEM


openssl x509 -inform PEM -in sslorintermediate_filename.cer

Step 3: Upload Certificate Using AWS CLI via Command

Once you convert the file name into a specified format, you have to use the following the command to upload the certificate.


aws iam upload-server-certificate –server-certificate-name certificate_object_name –certificate-body file://public_key_certificate –private-key file://privatekey.pem –certificate-chain file://certificate_chain_file


“certificate_object_name” refers to an own name of the certificate for easy to remember.

Step 4:

Hope you have uploaded the SSL certificate using the above command successfully.  Now you have to make sure of the below details


The private key should be matched with the certificate files and its format should contain X.509 PEM

Since it is in PEM format, a private key need not have an encrypted password. Makes sure that the start date and end date of certificate file are valid and up-to-date.


After uploading the SSL certificate, just use the below command to verify Your SSL certificate.

Once you have done with the uploading process, the output files seem like this format.


arn:aws:iam::Your_AWS_Account_ID:server-certificate/Your_Certificate_Object_Name Certificate_Object_GUID


step 5

Run the given command to update the certificate for HTTPS Load balancer

aws elb set-load-balancer-listener-ssl-certificate –load-balancer-name my-loadbalancer –load-balancer-port 443 –ssl-certificate-id arn: aws:iam::123456789098:server-certificate/certificate_object_name


my-loadbalancer is the name of your load balancer.

Arn:aws:iam:: 123456789098 is Your_AWS_Account_ID


After configuring the SSL certificates, you can verify the certification installation details such as server type, serial number, SSL certs, certificate etc.

Leave Comment