How to upload SSL certificate to AWS ELB
This is Saito from the infrastructure team.
Thank you to all the infrastructure and in-house SE staff for your hard work every time you renew your SSL certificate.
AWS Certificate Manager has been available in the Tokyo region since May 16th of this year.
From now on, you can use SSL certificates with Amazon as the certificate authority for free.
AWS is becoming more and more convenient, but this time we will show how to apply an SSL certificate obtained from another certificate authority to ELB.
I use the AWS CLI for this work. Please install the following package before performing this task.
pip install awscli
If you have not completed the initial settings, enter the command below.
aws configure
Complete the default settings by entering the following items.
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:
The settings are saved in the files named ~/.aws/credentials and ~/.aws/config.
How to upload
First, prepare an SSL certificate.
Place the SSL certificate in the current directory in an environment where you can run the awscli command, and upload it to AWS using the command below.
aws iam upload-server-certificate --server-certificate-name "example-domain.com" \
  --certificate-body file://./example-domain.com.crt \
  --private-key file://./example-domain.com.key \
  --certificate-chain file://./example-domain.com.ca
For each option, specify the following:
certificate-body: the server certificate
private-key: the private key
certificate-chain: the intermediate certificate
If ~/.aws/credentials contains information for multiple users, specify the one to use with the --profile option.
Also, if an error is output asking you to specify a region, specify the ELB region with the --region option.
For example, the Tokyo region is ap-northeast-1.
Now, let's list the commands for each case.
When adding a new listener like https(443)→http(80) to ELB
aws elb create-load-balancer-listeners \
  --load-balancer-name \
  --listeners Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=arn:aws:iam:::server-certificate/example-domain.com \
  --region ap-northeast-1
When updating the certificate of an existing listener
aws elb set-load-balancer-listener-ssl-certificate \
  --load-balancer-name \
  --load-balancer-port 443 \
  --ssl-certificate-id arn:aws:iam:::server-certificate/example-domain.com \
  --region ap-northeast-1
If you want to delete the uploaded certificate
aws iam delete-server-certificate --server-certificate-name example-domain.com
When deleting a listener
aws elb delete-load-balancer-listeners --load-balancer-name --load-balancer-ports 443
Knowing the above commands makes the process of uploading certificates to ELB smoother.
It is also a good idea to put them in a shell script as a routine procedure.
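A pre-flight check that could go in such a shell script, as an added example that is not part of the original post: it uses openssl to confirm that the private key is not passphrase-protected (IAM requires an unencrypted key) and matches the certificate, that the certificate has not expired, and that the chain file starts with the certificate's issuer. The function names preflight_cert and upload_checked are assumptions made for this example; the aws call is the upload command shown above.

```bash
# Added example: pre-flight checks before `aws iam upload-server-certificate`.
# preflight_cert and upload_checked are illustrative names, not awscli commands.
# Usage: upload_checked NAME server.crt server.key chain.ca

preflight_cert() {
    local crt=$1 key=$2 chain=$3 cert_pub key_pub

    # The key must load without a passphrase; `-passin pass:` supplies an
    # empty one so openssl fails instead of prompting on an encrypted key.
    if ! key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null </dev/null); then
        echo "ERROR: $key is unreadable or passphrase-protected" >&2; return 1
    fi

    # The certificate must parse and carry the same public key as the key file.
    if ! cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null); then
        echo "ERROR: $crt is not a PEM X.509 certificate" >&2; return 1
    fi
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "ERROR: $key does not belong to $crt" >&2; return 1
    fi

    # Reject a certificate that has already expired.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "ERROR: $crt has expired" >&2; return 1
    fi

    # The first certificate in the chain file must be the issuer of the
    # server certificate (this also catches a chain that starts with the leaf).
    if [ "$(openssl x509 -in "$crt" -noout -issuer_hash 2>/dev/null)" != \
         "$(openssl x509 -in "$chain" -noout -subject_hash 2>/dev/null)" ]; then
        echo "ERROR: $chain does not start with the issuer of $crt" >&2; return 1
    fi
}

upload_checked() {
    local name=$1 crt=$2 key=$3 chain=$4
    # Upload only when every check above has passed.
    preflight_cert "$crt" "$key" "$chain" || return 1
    aws iam upload-server-certificate --server-certificate-name "$name" \
        --certificate-body "file://$crt" \
        --private-key "file://$key" \
        --certificate-chain "file://$chain"
}
```

Add --profile and --region to the aws call in upload_checked if your environment needs them.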