I bought an SSL cert from Go Daddy and I'm hosting my website on a Linux instance running nginx on AWS.
I am trying to install an SSL certificate onto an instance I have on AWS.
This is my understanding of how the process works.
In order to get an SSL certificate I must create a CSR; when making a CSR a private key is also created. I submit my CSR to my CA (Go Daddy) and they use that to create my cert and my cert chain. Then I put the cert, cert chain and private key into my server and that's it.
There are two ways to do this, either directly on the server or through AWS. I'm trying to do it on AWS.
https://sg.godaddy.com/help/manually-install-an-ssl-certificate-on-my-aws-server-32075
This tutorial assumes I already have a CSR and Private key, which I don't.
So I tried the following to get a CSR
https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaGetCsr.html
https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html
1. Go to Amazon Certificate Manager
2. Create a subordinate CA (I don't know why)
   2.1. Put your details, not Go Daddy's details.
   2.2. Accept default settings for all the following pages and create
3. Install subordinate CA certificate
   3.1. Choose External private CA
   3.2. This page gives you a CSR for this CA; copy and paste the CSR into Go Daddy to key the certificate from Go Daddy to my server
   3.3. Download the newly keyed SSL cert from Go Daddy, put the bundle file in the certificate chain field, put the other file in the certificate body field
Now I get
MalformedCertificateException: The basic constraints extension must specify that the certificate is for a CA.
I've clearly done something wrong here. The error message seems as if I have misinterpreted the purpose of this Amazon feature.
And I've only got a CSR; I don't have a private key.
When following this guide
https://sg.godaddy.com/help/manually-install-an-ssl-certificate-on-my-aws-server-32075
I get to step 8 and I don't have a private key file.
After doing some research I found these
https://superuser.com/a/1428640
https://serverfault.com/a/919007/596551
Which say I'll never be issued the private key from this method, which puts me back to square one: no CSR and no private key, therefore no cert can be generated. However, as per the first link, I am using an Amazon Load Balancer.
My questions are.
- Is my understanding of the process of applying an SSL certificate right?
- What is the correct way of applying an SSL cert to AWS from scratch?
When
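
The key-and-CSR step described in the question, as an added example that is not part of the original post: it creates a private key and CSR locally with OpenSSL, then checks the resulting certificate's basic constraints and whether it matches the key. `example.com`, the file names and the self-signed stand-in for the CA's response are assumptions.

```shell
#!/bin/sh
# Added example. example.com and the file names are placeholders, not values from the post.

# Create the private key and the CSR together; the key never leaves this machine.
make_key_and_csr() {  # $1 = directory, $2 = domain name
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$1/server.key" -out "$1/server.csr" -subj "/CN=$2" 2>/dev/null
  chmod 600 "$1/server.key"
}

# Constructed stand-in for the CA: self-sign the CSR so there is a certificate to inspect.
# A real CA signs the CSR with its own key and returns the certificate plus chain.
issue_test_cert() {  # $1 = directory
  openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
    -days 1 -out "$1/server.crt" 2>/dev/null
}

# True only when basicConstraints marks the certificate as a CA certificate.
is_ca_cert() {  # $1 = certificate file
  openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# True when the private key and the certificate carry the same public key.
key_matches_cert() {  # $1 = key file, $2 = certificate file
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256)
  crt_pub=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
  [ "$key_pub" = "$crt_pub" ]
}

demo() {
  dir=$(mktemp -d)
  make_key_and_csr "$dir" example.com
  issue_test_cert "$dir"
  openssl req -in "$dir/server.csr" -noout -subject
  if is_ca_cert "$dir/server.crt"; then
    echo "CA certificate"
  else
    echo "server certificate (not a CA)"
  fi
  if key_matches_cert "$dir/server.key" "$dir/server.crt"; then
    echo "key matches certificate"
  fi
  rm -rf "$dir"
}
demo
```

The contents of `server.csr` are what gets pasted into the CA's request form; `server.key` stays on the machine that generated it and is later installed alongside the issued certificate and chain.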