SSL certificate for site on Amazon ec2 possible?

we're thinking of getting an application hosted on the ec2 service, and the application's documentation says that an SSL certificate can be installed for secure communication (https).

Its not clear to me whether a site hosted there can have one installed.


SSL certificates specify a domain name or names, not an IP address. I have not used an SSL certificate on an EC2 host, but I don't see why it wouldn't be possible.

You will probably want to use Amazon's Elastic IP service so that you can maintain a stable relationship between a given EC2 instance (EBS-backed, I imagine) and the publicly visible hostname; the hostname is what's described in the certificate.

Obviously, installing the private key for an SSL keypair on someone else's hardware has security implications - but I bet that the majority of SSL private keys are sitting on hardware that's not owned by the holder of the certificate, so it's not like that's an unfamiliar or unusual risk.

Low-end certificates aren't very expensive these days - most of the certificate vendors will even issue you a temporary 30-day cert for free so you can experiment with it and see how it will work out in your environment. You can also use a self-signed certificate which will probably generate complaints from browsers.


Further to @gbroiles' answer above, I'm running a site for my company which is hosted on EC2 and has an SSL certificate. EC2 gives you full access to the operating system, so I just installed the certificate in our Apache server in exactly the same way as if it was running on a physical machine.

We use an elastic IP address as described above; Amazon doesn't charge for elastic IP's if they are in use, but there is a small charge for unused elastic IP addresses. See the AWS pricing page for more details.