4

I have an AWS ELB on http and it works fine.

Now I want to add https listener and AWS requires an SSL:

enter image description here

I have SSL certificate in my server and I dont know where is the Private Key\Public Key Certificate their.

I have read on other StackOverFlow questions about it and I saw that you should use Openssl to convert the Certificate to PEM but I can't understand where is the Private Key\Public Key Certificate their which I should convert to PEM.

Could you please help me understand how to get those PEMs from my server's certificate?

Mike Cluck
  • 31,869
  • 13
  • 80
  • 91
Misha Zaslavsky
  • 8,414
  • 11
  • 70
  • 116
  • 1
    Are you hosting in US-East-1? If so AWS has this built in for free! https://medium.com/@arcdigital/enabling-ssl-via-aws-certificate-manager-on-elastic-beanstalk-b953571ef4f8?source=linkShare-3b23b2f27a60-1463013160 – hephalump May 12 '16 at 00:32

2 Answers2

4

You can follow below steps for this:-

For this you can do the following:-

1. Create SSL private key using OPENSSL.

sudo openssl genrsa -out your-private-key-name.pem 2048

2. Next, create a CSR key using OPEN-SSL 

openssl req -sha256 -new -key your-private-key-name.pem -out csr.pem

The system will ask for some details, like your country, city, company name etc. Fill in those details.

  1. These steps will result in two .pem files.

  2. Now, while generating your SSL certificate from your SSL provider(Godaddy), generate the SSL certificate using the csr.pem contents.

  3. After verification, you will be provided with your SSL certificate (.crt) files. [Generally, two .crt files]

  4. Now, you have to configure this configuration onto AWS server.

  5. Open the form (for which you have posted the screenshot).
    a. For private key section, post the contents of your-private-key-name.pem
    b. Open one of the .crt files with a text editor. If this has only one set of
    -----BEGIN CERTIFICATE----- AND -----END CERTIFICATE-----
    paste it in the Public Key Certificate section.

    c. If the .crt file has multiple sets of
    -----BEGIN CERTIFICATE----- AND -----END CERTIFICATE-----
    paste it in the Certificate Chain section.

Now, you have entered your Private Key, Public Key and Certificate Chain AWS should not give any error.

NOTE: Do not copy the contents of .pem and .crt files directly from LINUX (vi editor). Open the files in windows and then paste the contents into the AWS form.

Hope that helps.

Monis
  • 918
  • 7
  • 17
1

Before you got SSL cert from godday, you have to generate CSR file first.

Then use this link to covert to .PEM file https://www.sslshopper.com/ssl-converter.html

And follow here: How to convert .crt to .pem

Community
  • 1
  • 1
Thanh Nguyen Van
  • 10,292
  • 6
  • 35
  • 53
  • 1
    I have a CSR and also a .crt About this https://www.sslshopper.com/ssl-converter.html - I didn't understand what to convert to .PEM file? The .crt? (it converts it to .der), could you explain it more please? – Misha Zaslavsky May 11 '16 at 11:09
  • you can follow this http://stackoverflow.com/questions/4691699/how-to-convert-crt-to-pem to covert .crt file to .pem file – Thanh Nguyen Van May 11 '16 at 11:10
  • Thanks, now it becomes more clear for me. I have the .pem file and I pasted it to the Public Key Certificate. Where can I get the private key? – Misha Zaslavsky May 11 '16 at 11:51
  • when you created csr file, it's being created private key as well – Thanh Nguyen Van May 11 '16 at 12:33