Install SSL on Amazon Elastic Load Balancer with GoDaddy Wildcard Certificate
I'm a bit stuck installing an SSL Cert on an AWS Elastic Load Balancer. I have a wildcard certificate from GoDaddy and need to point it at the ELB.
I have run the command (I ran it on one of the servers behind the load balancer):
openssl req -new -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.csr
and then I have sent the .csr file to GoDaddy. At which point they have returned a zip folder with two files in it: gd_bundle.crt and mydomain.com.crt. The gd_bundle.crt when looking at it appears to have two unique keys inside of it (two base 64 encoded strings).
Amazon ELB is asking for a Public and a Private key and based on what I've done I'm not sure which is what. From this point I'm not sure what to do to get this all loaded.
Any help would be greatly appreciated.
Solution 1:
The private key is mydomain.key which you generated along with the CSR.
What GoDaddy has sent you is the public key (the certificate file mydomain.com.crt, as signed by GoDaddy), as well as the intermediate certificate chain for GoDaddy that completes the chain of trust between your certificate and what an end-user's browser knows about (the gd_bundle.crt file).
I'm not specifically familiar with ELB, but looking at this documentation page:
http://docs.amazonwebservices.com/ElasticLoadBalancing/latest/DeveloperGuide/US_UpdatingLoadBalancerSSL.html
You will supply your mydomain.key file for the private key, the mydomain.com.crt file for the public key, and the gd_bundle.crt file for the certificate chain.
Solution 2:
Adding Godaddy Cert to EC2 ELB
Setup AWS Command Line Interface
Setup instructions are found here: http://aws.amazon.com/cli/
Define your files and run these commands:
# define these
crtdomain="example.com"    # base name of your .key and .crt files
crtchain="gd_bundle.crt"   # GoDaddy intermediate bundle
echo "converting to pem format"
# write the private key out as an unencrypted PEM key
openssl rsa -in "${crtdomain}.key" -out "aws-${crtdomain}.key"
# write the certificate out as PEM
openssl x509 -in "${crtdomain}.crt" -out "aws-${crtdomain}.crt" -outform PEM
echo "uploading certificate ${crtdomain} to Amazon"
aws iam upload-server-certificate \
  --certificate-body "file://aws-${crtdomain}.crt" \
  --private-key "file://aws-${crtdomain}.key" \
  --certificate-chain "file://${crtchain}" \
  --server-certificate-name "${crtdomain}"
source: http://brakertech.com/ec2-elb-godaddy-cert/
Solution 3:
If you open your files in a text editor you will see
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
The chain would probably be gd_bundle.crt.
I gave my certificate name the same name as the public key, mydomain.com.crt.
The Private Key came from making a text version of the key:
sudo openssl rsa -in /etc/ssl/certs/mydomain.key -text
(this would be the path to your file on the server: /etc/ssl/certs/)
The Public Key will most likely be mydomain.com.crt.
And the Certificate Chain will probably be gd_bundle.crt.
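An added example, not part of any answer above: a Python check that reads the BEGIN/END markers Solution 3 describes and reports which of the upload fields named in Solution 2 (certificate body, private key, certificate chain) a file belongs in. The function names and sample data are constructed for illustration, and treating a lone CERTIFICATE block as the domain certificate is an assumption.

```python
import base64
import re

# One PEM block: captures the label and the base64 body between the markers.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}


def pem_blocks(text):
    """Return the label of every well-formed PEM block in text, in order."""
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        # Raises ValueError if the body is garbled or carries extra headers.
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):  # certs, keys and CSRs are DER SEQUENCEs
            raise ValueError(f"{label}: body is not a DER SEQUENCE")
        labels.append(label)
    return labels


def elb_field(text):
    """Guess which upload field a file belongs in, from its PEM labels."""
    labels = pem_blocks(text)
    certs = labels.count("CERTIFICATE")
    if any(label in KEY_LABELS for label in labels):
        # The key goes in its own field; a mixed file has to be split first.
        return "private key" if len(labels) == 1 else "split: key mixed in"
    if "ENCRYPTED PRIVATE KEY" in labels:
        return "decrypt first: passphrase-protected key"
    if "CERTIFICATE REQUEST" in labels:
        return "not uploaded: this is the CSR"
    if certs == 1 and len(labels) == 1:
        return "certificate body"  # assumption: a lone cert is the domain cert
    if certs > 1 and certs == len(labels):
        return "certificate chain"  # e.g. a bundle holding two certificates
    return "unrecognised"


def sample(label, count=1):
    """Constructed PEM text: placeholder bytes, not a real cert or key."""
    body = base64.b64encode(b"\x30\x82\x01\x0a" + b"constructed" * 8).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n" * count


if __name__ == "__main__":
    for name, text in [("mydomain.key", sample("PRIVATE KEY")),
                       ("mydomain.com.crt", sample("CERTIFICATE")),
                       ("gd_bundle.crt", sample("CERTIFICATE", 2))]:
        print(f"{name}: {elb_field(text)}")
```

To check real files, pass each file's contents to `elb_field` in place of the constructed samples.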