AWS is a cloud computing service from Amazon that provides on-demand cloud computing platforms for individuals, corporations, governments, and business entities.
One of the services it offers is the EC2 cloud (Elastic Compute Cloud), which basically allows the user to access a virtual network of computers through the internet.
As such, AWS EC2 carries plenty of users' private information. In the case of governments and corporations, it has access to a huge amount of sensitive data as well. Therefore, its security is of the utmost importance.
An SSL certificate is essential not only to build trust with your customers and demonstrate that you care about customers’ information, but also to safeguard sensitive data from the malicious intent of cyber-criminals.
Steps to Install SSL Certificate on Amazon Web Services (AWS) EC2 Instance
It’s quite easy to do this – you just need to follow a set of simple steps.
At the outset, you must have the following documents handy:
- Server certificate
- Private key
- CA bundle (intermediate certificates)
Once you buy the SSL certificate, a certificate authority (CA) sends a server certificate file to your registered email. You need to upload it to AWS Identity and Access Management (IAM), along with the certificate chain (CA bundle) and the private key.
1. Certificate files in PEM format
This is the first step towards installing SSL on an AWS EC2 instance. The certificate files and the private key file are in the .crt file format when they are sent to you. They must be converted to PEM (Privacy Enhanced Mail) format before you can proceed.
2. After the conversion, the files must be uploaded one after the other into AWS
This is done in the following steps:
- Log in to AWS.
- Next, sign in to the Amazon EC2 console.
- Search for the navigation menu on the left-hand side.
- On the navigation menu, click (expand) ‘Network and Security.’
- Select the option called ‘Load Balancers.’
- In the main pane, select only the load balancer for which you are uploading the certificate.
- Click on the ‘Listeners’ tab. Click on ‘Edit’ and then ‘Add.’
- Select HTTPS as the protocol and click ‘Change’ in the ‘SSL Certificate’ column.
- Click the radio button called ‘Upload a new SSL certificate to AWS Identity and Access Management (IAM).’
- You may wish to rename your certificate. Giving it a name that you are likely to remember can save you a lot of hassle later.
- For the Private Key field, simply paste the text from your file. This should include the “-----BEGIN RSA PRIVATE KEY-----” and “-----END RSA PRIVATE KEY-----” lines.
- For the Public Key Certificate field, simply paste the text from your file. You must include the “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----” lines.
- For the ‘Certificate Chain’ field, simply paste the text from your ‘CA_bundle.crt’ or equivalent file. In every case, you should have a total of three certificates in the CA bundle in this text field. You must include the “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----” lines here as well.
- Click on the blue-colored Save button to finalize your SSL install.
3. Certificate confirmation
Once you upload a certificate, IAM will confirm its details against the following requirements:
- The certificate must be in X.509 PEM format.
- The current date should fall between the certificate's start date and end date.
- The private key should match the certificate.
- The private key must be in PEM format.
- The private key must not be encrypted with a password.
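The requirements above can be checked locally before anything is pasted into the console. The script below is an added example, not part of the original article: the function name `preflight` and its three file arguments are assumptions, and it relies on the `openssl` command-line tool being installed.

```sh
#!/bin/sh
# Added example: local pre-upload checks mirroring the IAM acceptance list.
# Usage (file names are placeholders): preflight server.pem private.pem CA_bundle.pem
# Returns 0 only if every check passes.
fail() { echo "FAIL: $1" >&2; return 1; }

preflight() {
    cert=$1; key=$2; chain=$3

    # 1. Certificate is X.509 in PEM encoding.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null \
        || fail "certificate is not PEM" || return 1
    openssl x509 -in "$cert" -noout 2>/dev/null \
        || fail "certificate does not parse as X.509" || return 1

    # 2. Validity window: print both dates for review, enforce the end date.
    openssl x509 -in "$cert" -noout -dates
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
        || fail "certificate has expired" || return 1

    # 3. Private key is PEM and carries no passphrase. Encrypted PEM keys
    #    say ENCRYPTED in the header (PKCS#8) or in a Proc-Type line.
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null \
        || fail "private key is not PEM" || return 1
    if grep -q 'ENCRYPTED' "$key"; then
        fail "private key is passphrase-protected" || return 1
    fi

    # 4. Key matches certificate: both must yield the same public key.
    #    '-passin pass:' keeps openssl from prompting on unexpected input.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) \
        || fail "private key does not parse" || return 1
    [ "$cert_pub" = "$key_pub" ] \
        || fail "private key does not match certificate" || return 1

    # 5. Chain file holds at least one PEM certificate; report the count.
    n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$chain" 2>/dev/null) || n=0
    [ "$n" -ge 1 ] || fail "certificate chain is empty" || return 1
    echo "OK: certificate, key and chain ($n certificates) pass local checks"
}
```

The start date is printed rather than enforced, so compare the `notBefore` line against the current date by eye.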
You must wait for at least 5 minutes for the changes you made to take effect in AWS EC2. Once you restart, you will find that the changes have been accommodated.
Once the process is over, it is good practice to use an SSL checker to test whether the SSL certificate has been properly configured and set up.