How to install GoDaddy SSL certificate on AWS ELB?

37,478

Solution 1

For AWS ELB you need three things, as you said:

Private Key

The RSA key you generated on Linux with

# openssl genrsa -des3 -out host.key 2048

It will ask for a password; give it one for now, we will remove it later.

Public key

From your private key you first generate a CSR file, which is a Certificate Signing Request (the one you submit to the authority, in your case GoDaddy, to get the public key). You can generate the CSR file using

# openssl req -new -key host.key -out host.csr

Now you submit your CSR file to GoDaddy and in return they provide you two files (mydomain.crt, gd_bundle.crt). mydomain.crt is your public key.

Certificate Chain

gd_bundle.crt is the certification chain file which GoDaddy provides you with your public key. Your public key and certification chain file don't need any conversion, but for the private key file you need to remove its password and convert it into PEM with

# openssl rsa -in host.key -out private.pem

and it's all good to go for AWS. Put the private key .pem file content in the AWS private key section, put the mydomain.crt file content in public key, and put the gd_bundle.crt content in the certification chain section. Conversion all depends on where you are getting your certificate from. If you are getting the certificate from some other company, I recommend you follow the AWS docs.

http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html

Solution 2

I recently had to go through this process and none of the answers worked for me. Here are the steps that allowed me to upload a new SSL certificate to AWS (for subsequent use in ElasticBeanstalk).

Obtaining Private Key

I had to use two commands for this process:

openssl genrsa -des3 -out server.pass.key 2048
openssl rsa -in server.pass.key -out server.key

The server.key file is your Private Key.

Additionally, you can generate the CSR (Certificate Signing Request) by doing:

openssl req -nodes -new -key server.key -out server.csr

This is the file we'll use to request GoDaddy to issue our new certificate.

Obtaining Public Key

Once the certificate has been issued in GoDaddy, download it. This will give you two files which must be bundled into one by doing:

cat yourdomain.crt gd_bundle-g2-g1.crt > combined.crt

The combined.crt would be your Public Key.

Uploading server certificate to AWS

With the server.key and combined.crt file you can now upload the certificate to AWS using AWS CLI. You just have to use the following command:

aws iam upload-server-certificate --server-certificate-name your_certificate_name --certificate-body file://combined.crt --private-key file://server.key

If everything went well, you'll receive a response from the server:

{
    "ServerCertificateMetadata": {
        "ServerCertificateId": "ABCDEFG12345678", 
        "ServerCertificateName": "certificate-name", 
        "Expiration": "2018-08-26T11:59:38Z", 
        "Path": "/", 
        "Arn": "arn:aws:iam::1234123412:server-certificate/certificate-name", 
        "UploadDate": "2017-08-26T19:53:46.989Z"
    }
}

And that’s it, you should have a new SSL certificate available to you in AWS.

Solution 3

Almost two years ago exactly, but I came across this and it stumped me for a second.

The Certificate body* is the main key in the zip file, mine looks like this f7dsdfsdf2f4e942d.crt and has only one entry.

The middle field Certificate private key* is the ssh private key that signed your csr. It lives on the server that you used to create your csr request. I found the location of mine by looking at the nginx config file and copying to my local drive.

The last field Certificate chain is the file with 3 entries, mine looks like gd_bundle-g2-g1.crt.
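
A pre-upload check for the three console fields discussed in the answers above, as an added example that is not part of any answer: it confirms the private key has no passphrase, that it belongs to the certificate, and that the body and chain files hold the expected number of certificates. The function names are this example's own (assumptions, not openssl or AWS CLI commands); the file names in the usage comment are the ones used on this page.

```sh
# Added example: checks to run before pasting key, certificate and chain
# into the ELB form. Function names are illustrative, not from any tool.

# Succeeds if FILE holds a PEM private key that is not passphrase-protected.
# "Proc-Type: 4,ENCRYPTED" marks an encrypted traditional key (genrsa -des3);
# "ENCRYPTED PRIVATE KEY" marks an encrypted PKCS#8 key.
key_is_unencrypted() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" || return 1
    ! grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Print a SHA-256 digest of the public key derived from a private key file.
# Fails (rather than hashing empty input) when the key cannot be read.
key_pub_digest() {
    _pub=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null </dev/null) || return 1
    [ -n "$_pub" ] || return 1
    printf '%s\n' "$_pub" | openssl sha256
}

# The same digest, taken from the first certificate in a PEM file.
cert_pub_digest() {
    _pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$_pub" ] || return 1
    printf '%s\n' "$_pub" | openssl sha256
}

# Succeeds only if the certificate was issued for this private key.
key_matches_cert() {
    _k=$(key_pub_digest "$1") || return 1
    _c=$(cert_pub_digest "$2") || return 1
    [ "$_k" = "$_c" ]
}

# Number of certificates in a PEM file (prints 0 when there are none).
count_certs() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true; }

# usage: preflight private.pem mydomain.crt gd_bundle.crt
preflight() {
    _rc=0
    key_is_unencrypted "$1" || { echo "key: passphrase-protected or not a PEM key" >&2; _rc=1; }
    [ "$(count_certs "$2")" -eq 1 ] || { echo "certificate: expected exactly one entry" >&2; _rc=1; }
    [ "$(count_certs "$3")" -ge 1 ] || { echo "chain: no certificates found" >&2; _rc=1; }
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; _rc=1; }
    return "$_rc"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

The key and certificate match when both digests are equal, which is the check that catches a certificate issued for a CSR made from a different key.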

Author by

reformy

Updated on July 09, 2022

Comments

  • reformy
    reformy almost 2 years

    I've purchased an SSL certificate from godaddy. I've created a keystore file, generated a csr file from it, sent it to godaddy, and received these files:

    • mydomain.crt
    • gd_intermediate.crt
    • gd_bundle.crt

    Now I am trying to create an Elastic Load Balancer in the AWS console. When asked for certificate details, they ask for:

    • Private Key (pem encoded)
    • Public Key Certificate (pem encoded)
    • Certificate Chain (pem encoded, optional)

    How do I convert the files I have to these parameters?