How to install a Thawte SSL certificate on Amazon Elastic Load Balancer?
- Certificate name is your choice - it is just to identify the certificate later.
- Private Key is the key (PEM, base-64) you generated when you created your CSR - you will copy and paste the entire file into the field, from
  -----BEGIN RSA PRIVATE KEY-----
  to
  -----END RSA PRIVATE KEY-----
  (inclusive).
- Public Key is the PEM-encoded, base-64 version of what you obtained from Thawte (X.509). Copy the contents of the X.509 into a text editor (e.g. vi), save it with a .cer extension. Use OpenSSL to display it in the needed format:
  openssl x509 -inform DER -in yourfilefromthawte.cer
  Copy and paste the output from
  -----BEGIN CERTIFICATE-----
  to
  -----END CERTIFICATE-----
  (inclusive) into the field.
- Certificate Chain is the Thawte CA bundle that you can download from their site. For Thawte's SSL Web Server and Wildcard certificates (may be different if you have a different certificate type), their CA bundle is available from their site. (Download the 'Bundled CA version'; it is already in PEM format. Copy and paste the entire file (both certificates) into the field.)
Check out this AWS thread for more information (although that is Verizon specific, the basic ideas apply).
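A pre-paste check for the fields described in the answer above, added here as an example (it is not code from the answer or from AWS): it confirms each text contains complete BEGIN/END blocks of the type its field expects, and wraps DER bytes in PEM armor. The function names and sample bytes are constructed for illustration; the check is structural only and does not prove that the private key belongs to the certificate.

```python
import base64
import re

# One PEM block, BEGIN and END lines inclusive.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_to_pem(der, label="CERTIFICATE"):
    """Wrap DER bytes in PEM armor: base64 in 64-column lines between BEGIN/END."""
    if not der or der[0] != 0x30:  # a DER certificate or key starts with an ASN.1 SEQUENCE
        raise ValueError("input is not DER")
    b64 = base64.b64encode(der).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *body, f"-----END {label}-----"])

def pem_blocks(text):
    """Return [(label, block_text)] for each complete block, rejecting bad base64."""
    found = []
    for m in PEM_BLOCK.finditer(text):
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
        if not der or der[0] != 0x30:
            raise ValueError(m.group(1) + " block does not contain DER data")
        found.append((m.group(1), m.group(0)))
    return found

def elb_fields(key_text, cert_text, bundle_text):
    """Check each pasted text holds the block type its field expects; return the field values."""
    keys, certs, chain = (pem_blocks(t) for t in (key_text, cert_text, bundle_text))
    if [label for label, _ in keys] not in (["RSA PRIVATE KEY"], ["PRIVATE KEY"]):
        raise ValueError("Private Key: expected exactly one private key block")
    if [label for label, _ in certs] != ["CERTIFICATE"]:
        raise ValueError("Public Key: expected exactly one CERTIFICATE block")
    if not chain or any(label != "CERTIFICATE" for label, _ in chain):
        raise ValueError("Certificate Chain: expected one or more CERTIFICATE blocks")
    return {"Private Key": keys[0][1], "Public Key": certs[0][1],
            "Certificate Chain": "\n".join(block for _, block in chain)}

# Constructed placeholder bytes, not real keys or certificates.
SAMPLE_KEY = der_to_pem(b"\x30\x03\x02\x01\x00", "RSA PRIVATE KEY")
SAMPLE_CERT = der_to_pem(b"\x30\x03\x02\x01\x01")
SAMPLE_BUNDLE = der_to_pem(b"\x30\x03\x02\x01\x02") + "\n" + der_to_pem(b"\x30\x03\x02\x01\x03")

if __name__ == "__main__":
    for field, value in elb_fields(SAMPLE_KEY, SAMPLE_CERT, SAMPLE_BUNDLE).items():
        print(field, "->", value.count("-----BEGIN"), "block(s)")
```

A paste that loses its END line, or a PKCS #7 block placed in the Public Key field, is rejected with a ValueError naming the field.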
Geuis
Updated on September 18, 2022
Comments
-
Geuis over 1 year
Here's my situation. We've generated an SSL certificate from Thawte for a site we're hosting on EC2. We have our servers load balanced using Elastic Load Balancer.
Thawte gives us one PKCS signed certificate. When I go to the Amazon console to generate a new load balancer so that I can attach the certificate it requires 4 fields:
- Certificate Name
- Private Key
- Public Key
- Certificate Chain
Where I'm getting confused is that we only have the 1 certificate, yet the private & public keys are expected to be different.
What's the process to complete this?
-
Geuis almost 13 years
That makes a little more sense. However I'm not sure if it gets me all the way there. On the Thawte console, I have the option to show the key as either PKCS #7 or X.509. Do I use the same process you described to extract the public/private keys from either of those documents?
-
Zoredache almost 13 years
Grab the X.509 download. I haven't used Amazon, but I would bet that is the format you want. I suspect the x.509 option will be a zip file with the various things separated.
-
Geuis almost 13 years
Sadly it's not a download. They literally provide a textarea with the x.509 key as copy/paste.
-
cyberx86 almost 13 years
Amazon has instructions for setting up SSL on ELB: http://aws.typepad.com/aws/2010/10/elastic-load-balancer-support-for-ssl-termination.html
-
Geuis almost 13 years
@cyberx86 thanks, I already have the link. That's not the problem, it's getting the 2 keys in order to fill the fields.