Amazon ELB HTTPS Not working
Don't forget to allow port 443 in the security group. That's what was causing it to time out for me.
If you're using Elastic Beanstalk (EBS), you should tweak SSL settings directly in the EBS config and it'll update the ELB and security groups as required. If you update it directly in the EC2/ELB interface, even though you can get SSL to work, it will not be reflected in the EBS interface.
You need to upload the SSL certificate first. Please make sure that your certificate chain contains the intermediate and root certificates in the proper order.
The best way I found to analyze the problem with the chain certificate is here: Wormly Test SSL Web Server.
I have started the Amazon ELB SSL configuration for my domain here: SSL Certificate for Elastic Load Balancing.
I am using COMODO Instant SSL certificates, so I got the bundle of certificates in a zip file. When I extracted it, it contained four files:
1. AddTrustExternalCARoot {Root certificate}
2. COMODORSAAddTrustCA {intermediate certificate 1}
3. COMODORSADomainValidationSecureServerCA {intermediate certificate 2}
4. www_example_com {public key for my domain name}
Note: We need to convert the above certificate file into .PEM format, before using it in Amazon ELB. This is done by using the command:
openssl x509 -inform PEM -in {above certificate file name}
Now I went to the Listeners part of the ELB to configure HTTPS. ELB HTTPS has three brackets called:
1. Private Key {paste the private key which was generated using OpenSSL}
2. Public Key Certificate {paste the public key of www_example_com certificate}
3. Certificate Chain {paste the intermediate and Root certificate}
On the first attempt, as Amazon's guidance says the Certificate Chain part is optional, I went on leaving it blank. It worked fine in the PC browsers, and the problem arose while trying to open it in the Android mobile browsers.
I found the solution in these links: Setting up SSL on an Amazon Elastic Load Balancer and Creating a .pem File for SSL Certificate Installations.
So, to avoid this, I have included the chained certificates in this order:
COMODORSADomainValidationSecureServerCA
COMODORSAAddTrustCA
AddTrustExternalCARoot
I copied and pasted the above three certificates, including the BEGIN and END tags, into the chain certificate bracket.
Now it's done. Great, it worked fine. Now my SSL configuration is shown as 100% secure when I check it with Wormly Test SSL Web Server.
Thank you.