Install Wildcard Certificate onto AWS EC2 Load Balancer

amazon-web-services openssl ssl-certificate load-balancing amazon-elb
17,764

Solution 1

Please read the post: AWS Load Balancer SSL limitations. The following solution worked for me:

openssl rsa -in server.key -text

Then copy and paste the produced output between (including):

-----BEGIN RSA PRIVATE KEY-----

and

-----END RSA PRIVATE KEY-----

AWS Load Balancer had accepted this key successfully.

Solution 2

Hmmh, everything looks correct at first sight, but let's double check on a few details.

And exported by cert and created all those files, but it doesn't tell you which file goes in which field.

I can't quite follow, insofar the linked guide clearly states where to put he files:

When prompted for the certificate keys do the following:

  • Open the file server.key that was created from above with openssl and paste into the Private Key textbox
  • Open the file cert.pem that was created from above with openssl and copy the text from —-BEGIN till the end of the file and paste that into Public Key Certificate textbox

Note: I did not put anything into the certificate chain

The screenshot you provided indicates you have chosen the correct combination in fact, however ...

I tried what I think is all the combinations but it doesn't accept it

... I assume you have deliberately shortened the textarea input widgets for Private Key and Public Key Certificate to decrease image size or hide the actual keys? Otherwise the text to be pasted has mostly gone lost somehow, insofar it should look something like:

-----BEGIN CERTIFICATE-----
MIICeDCCAeGgAwIBAgIGAOABb24uY29tMQwwCgb3DQEBBQUAMFMxCzAJBgNVBAYT
[...]
A WHOLE LOT MORE HEX DIGITS HERE!
[...]
q04lCMxITAfBgNVBAMTAAJW26+adw9C063H7I846ZbxHl6BkcTPsjL3b5JoZhyim
jbzH4dktTFNIkX4o
-----END CERTIFICATE-----

In this regard another cause might be addressed by this answer to Public key and private cert don't match:

Looks like the issue was the way in which I was copying the contents of the key and certs into the AWS Management console. I was using an Ubuntu desktop running in Virtual Box [...] Once I opened the key and cert files on the same box as the web browser (Windows in this case) the certs went through just fine. I'm guessing some parts of the file aren't making it over correctly when using the shared clip board between Virtual Box client and host.

Given the high probability of special characters appearing in the hex dump, this is entirely possible for various similar copy&paste scenarios as well, e.g. between SSH terminals with erroneous character encoding settings etc.

Solution 3

Simplest/most concise explanation that I have come across for creating a self-signed cert for AWS ELBs is...

openssl genrsa -out server_privatekey.pem 1024
openssl req -new -key server_privatekey.pem -out server_certificate_csr.pem
openssl x509 -req -days 3650 -in server_certificate_csr.pem -signkey server_privatekey.pem -out server_certificate.pem

And then in AWS;

Certificate Name: mycert

Private key: [content of server_privatekey.pem]

Public key: [content of server_certificate.pem]

Certificate Chain: [content of server_certificate_csr.pem]

Credit: https://forums.aws.amazon.com/message.jspa?messageID=381093

Share:
17,764
Dale Fraser
Author by

Dale Fraser

Updated on June 17, 2022

Comments

  • Dale Fraser
    Dale Fraser almost 2 years

    I'm having trouble. I followed a guide that I found here

    http://www.thenetworkadministrator.net/index.php/2011/12/iis-ssl-certificate-into-amazon-elastic-load-balancer/

    And exported by cert and created all those files, but it doesn't tell you which file goes in which field. I tried what I think is all the combinations but it doesn't accept it

    I Setup the balancer as follows

    enter image description here

    Then I try to setup the certificate

    enter image description here

    Then you can see it tells me it's invalid.

    In case it helps I exported from IIS and followed the tutorial on the link provided and the certificate is a DigiCert Wildcard Certificate ie (*.domain.com)

  • Paulo Scardine
    Paulo Scardine over 10 years
    The link to the referred post is dead.
  • Paulo Scardine
    Paulo Scardine over 10 years
    Thanks, both formats look almost the same, lost a couple hours around this one.
  • Devplex
    Devplex about 10 years
    In my case the ELB wizard complained about in 'Invalid Public Key Certificate' when in fact my private key format was incorrect. Your solution fixed it.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

AWS Elastic Load Balancer and target group health check fail for no apparent reason
Reverse Proxy Server Cloud Architecture (AWS + nginx)
Full end to end encryption with AWS Elastic Load Balancer, Nginx and SSL
Get AWS ELB name from an attached instance
Can I use the new free SSL/TLS AWS certificates without ELB or Beanstalk on plain EC2?
AWS Fargate + Application Load Balancer SSL Termination
Install AWS SSL Certificate to EC2 instance without load balancer
What algorithm does Amazon ELB use to balance load?
AWS: "Unable to parse certificate. Please ensure the certificate is in PEM format."
Can ELB redirect request depending on the URL?