How to upload SSL certificate to AWS ELB

This is Saito from the infrastructure team.
Thank you to all the infrastructure and in-house SE staff for your hard work every time you renew your SSL certificate.

AWS Certificate Manager has been available in the Tokyo region since May 16th this year.

From now on, you can use SSL certificates with Amazon as the certificate authority for free.

AWS is becoming more and more convenient, but this time we will show how to apply an SSL certificate obtained from another certificate authority to an ELB.

I use the AWS CLI for this work. Please install the following module before performing this task.

pip install awscli

If you have not completed the initial settings, enter the command below.

aws configure

Complete the default settings by entering the following items.

AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:

The settings are saved in the files ~/.aws/credentials and ~/.aws/config.

How to upload

First, prepare an SSL certificate.
Place the SSL certificate files in the current directory in an environment where you can run the awscli command, then upload the SSL certificate to the remote management console using the command below.

aws iam upload-server-certificate --server-certificate-name "example-domain.com" \
  --certificate-body file://./example-domain.com.crt \
  --private-key file://./example-domain.com.key \
  --certificate-chain file://./example-domain.com.ca

For each option, specify the following:
certificate-body: the server certificate
private-key: the private key
certificate-chain: the intermediate certificate

If ~/.aws/credentials contains multiple user profiles, specify the one to use with the --profile option. Also, if an error is output asking you to specify a region, specify the ELB's region with the --region option. For example, the Tokyo region is ap-northeast-1.

Now, let's list the commands for each case.

When adding a new listener such as https(443)→http(80) to an ELB

aws elb create-load-balancer-listeners \
  --load-balancer-name <load-balancer-name> \
  --listeners Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=arn:aws:iam::<account-id>:server-certificate/example-domain.com \
  --region ap-northeast-1

When updating the certificate of an existing listener

aws elb set-load-balancer-listener-ssl-certificate \
  --load-balancer-name <load-balancer-name> \
  --load-balancer-port 443 \
  --ssl-certificate-id arn:aws:iam::<account-id>:server-certificate/example-domain.com \
  --region ap-northeast-1

If you want to delete the uploaded certificate

aws iam delete-server-certificate --server-certificate-name example-domain.com

When deleting a listener

aws elb delete-load-balancer-listeners --load-balancer-name <load-balancer-name> --load-balancer-ports 443

Knowing the above commands has made the process of uploading certificates to ELB smoother.
It is also a good idea to put them in a shell script as a routine procedure.
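
A pre-upload check that fits the shell script suggested above, to run before `aws iam upload-server-certificate`. This is an added example, not code from the original article; the function name `check_cert_bundle`, its return codes and the 30-day default are assumptions, and it requires the `openssl` CLI.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Requires the openssl CLI.
# check_cert_bundle CRT KEY CHAIN [MIN_DAYS]
#   0 = OK, 1 = unreadable file, 2 = key/cert mismatch,
#   3 = expires within MIN_DAYS (default 30), 4 = chain did not sign CRT
check_cert_bundle() {
  local crt="$1" key="$2" chain="$3" min_days="${4:-30}" crt_pub key_pub

  # Both files must parse. A passphrase-protected key fails here on purpose:
  # IAM requires the uploaded private key to be unencrypted.
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
    { echo "cannot read certificate: $crt" >&2; return 1; }
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
    { echo "cannot read private key: $key" >&2; return 1; }

  # The public key derived from the private key must equal the one in the cert.
  [ "$crt_pub" = "$key_pub" ] ||
    { echo "private key does not match certificate" >&2; return 2; }

  # -checkend exits non-zero if the cert expires within the given seconds.
  openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null ||
    { echo "certificate expires within $min_days days" >&2; return 3; }

  # Treat the chain file as the trust anchor: this confirms the supplied
  # intermediate signed the certificate, not that a public root trusts it.
  openssl verify -partial_chain -CAfile "$chain" "$crt" >/dev/null 2>&1 ||
    { echo "chain file does not verify certificate" >&2; return 4; }
}

# Usage with the article's file names (upload only if every check passes):
#   check_cert_bundle example-domain.com.crt example-domain.com.key \
#       example-domain.com.ca &&
#     aws iam upload-server-certificate \
#       --server-certificate-name "example-domain.com" \
#       --certificate-body file://./example-domain.com.crt \
#       --private-key file://./example-domain.com.key \
#       --certificate-chain file://./example-domain.com.ca
```

A non-zero return stops the `&&` chain, so a mismatched key or a wrong intermediate never reaches IAM or the listener.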
