Install a SSL certificate via Amazon Web Services (AWS)
You received your certificate by email with one or several intermediate certificates and a root certificate. Keep this email within reach.
1- Retrieve your certificate(s) on your server
In the delivery email you'll find several links. Click on them and download the associated files:
(From your certificate status page, click on "See the certificate" or "See the last certificate" button)
- A: you server certificate in PEM format (file with the extension .cer or .crt )
- B: the certification chain in PEM format ("See the certification chain ; .txt file)
2 - Convert your files into PEM format
In order to install your certificate via AWS IAM (Identity Access Management) you'll have to convert your certificate, the certification chain and the private key in PEM format, if required.
- The private key: if it not in PEM format, use the following command line to convert it:
openssl rsa -in private-key-name -outform PEM - Your certificate: if it not in PEM format, use the following command line to convert it:
openssl x509 -inform PEM -in your-certificate - The certification chain: if it not in PEM format, use the following command line to convert it:
openssl x509 -inform PEM -in certification-chain-file-name
3 - Upload your certificate into IAM
Uploader your certificate into IAM with the following command:
aws iam upload-server-certificate --server-certificate-name >your-certificate-name --certificate-body encoded-public-certificate --private-key encoded-private-key --certificate-chain encoded-certificate-chain
4 - Verify that the certificate is well installed and get the ARN and ID
After the server certificate is uploaded, you can verify that the information is stored in IAM. Each certificate object has a unique Amazon Resource Name (ARN) and ID. You can request these details for a specific certificate object by referencing the name of the certificate object:
aws iam get-server-certificate --server-certificate-name your-certificate-name
The output of the above command will include the ARN and the ID as in the example below:
arn:aws:iam::55555555555:server-certificate/production/monCertASCACexempleKEZUQ4K
Make a note of the ARN. You need it to install the certificate on your load balancer