10

I'm a bit stuck installing an SSL Cert on an AWS Elastic Load Balancer. I have a wildcard certificate from GoDaddy and need to point it at the ELB.

I have run the command (I ran it on one of the servers behind the load balancer):

openssl req -new -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.csr

and then I sent the .csr file to GoDaddy, at which point they returned a zip folder with two files in it: gd_bundle.crt and mydomain.com.crt. The gd_bundle.crt, when looking at it, appears to have two unique keys inside of it (two base64-encoded strings).

Amazon ELB is asking for a Public and a Private key and based on what I've done I'm not sure which is what. From this point I'm not sure what to do to get this all loaded.

Any help would be greatly appreciated.

Peter
  • I found the answer on Stack Overflow http://stackoverflow.com/questions/6753619/how-do-i-setup-ssl-certs-on-amazon-aws-load-balancer-using-godaddy-certificates – Peter Aug 20 '12 at 22:00

3 Answers

9

The private key is mydomain.key which you generated along with the CSR.

What GoDaddy has sent you is the public key (the certificate file mydomain.com.crt, as signed by GoDaddy), as well as the intermediate certificate chain for GoDaddy that completes the chain of trust between your certificate and what an end-user's browser knows about (the gd_bundle.crt file).

I'm not specifically familiar with ELB, but looking at this documentation page:

http://docs.amazonwebservices.com/ElasticLoadBalancing/latest/DeveloperGuide/US_UpdatingLoadBalancerSSL.html

You will supply your mydomain.key file for the private key, the mydomain.com.crt file for the public key, and the gd_bundle.crt file for the certificate chain.

cjc
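
As an added example (not part of the answers on this page, and not AWS or GoDaddy tooling), this is a pre-upload check that classifies each file by its PEM headers and confirms the private key belongs to the certificate before the three files are entered into the ELB fields. It assumes the openssl CLI is installed; the function names and the throwaway self-signed sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the answers above. Requires the openssl CLI.

# Classify a PEM file by the block headers it contains.
pem_kind() {
  [ -r "$1" ] || { echo "unreadable"; return 0; }
  keys=$(grep -c -- '^-----BEGIN .*PRIVATE KEY-----' "$1" || true)
  certs=$(grep -c -- '^-----BEGIN CERTIFICATE-----' "$1" || true)
  if [ "$keys" -gt 0 ]; then echo "private-key"
  elif [ "$certs" -eq 1 ]; then echo "certificate"
  elif [ "$certs" -gt 1 ]; then echo "chain"
  else echo "unknown"; fi
}

# Succeed only if the certificate carries the public half of the private key.
key_matches_cert() {
  kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Check the three inputs: private key, public key certificate, certificate chain.
check_elb_files() {  # usage: check_elb_files KEY CERT CHAIN
  [ "$(pem_kind "$1")" = "private-key" ] || { echo "FAIL: $1 is not a private key"; return 1; }
  [ "$(pem_kind "$2")" = "certificate" ] || { echo "FAIL: $2 is not a single certificate"; return 1; }
  case "$(pem_kind "$3")" in
    certificate|chain) ;;
    *) echo "FAIL: $3 holds no certificates"; return 1 ;;
  esac
  key_matches_cert "$1" "$2" || { echo "FAIL: $1 does not match $2"; return 1; }
  echo "OK: key, certificate and chain are in the right fields"
}

# Constructed sample data: throwaway self-signed certificates stand in for the
# files returned by the CA; bundle.crt holds two certificates and no keys.
make_samples() {  # usage: make_samples DIR
  for n in mydomain other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$n.test" \
      -keyout "$1/$n.key" -out "$1/$n.crt" >/dev/null 2>&1 || return 1
  done
  cat "$1/other.crt" "$1/other.crt" > "$1/bundle.crt"
}

if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d) && make_samples "$d" && check_elb_files "$d/mydomain.key" "$d/mydomain.crt" "$d/bundle.crt"
  rm -rf "$d"
fi
```

Run with `--demo` to exercise it on the generated samples, or source it and call `check_elb_files mydomain.key mydomain.com.crt gd_bundle.crt` on the real files.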
5

Adding GoDaddy Cert to EC2 ELB

Set up AWS Command Line Interface

Setup instructions are found here: http://aws.amazon.com/cli/

Define your files and run these commands:

# define these; the script expects ${crtdomain}.key and ${crtdomain}.crt in the current directory
crtdomain="example.com"
crtchain="gd_bundle.crt"

echo "converting to pem format"
# write the private key and the certificate out as PEM files for upload
openssl rsa -in "${crtdomain}.key" -out "aws-${crtdomain}.key"
openssl x509 -in "${crtdomain}.crt" -out "aws-${crtdomain}.crt" -outform PEM

echo "uploading certificate ${crtdomain} to Amazon"
aws iam upload-server-certificate \
  --certificate-body "file://aws-${crtdomain}.crt" \
  --private-key "file://aws-${crtdomain}.key" \
  --certificate-chain "file://${crtchain}" \
  --server-certificate-name "${crtdomain}"

source: http://brakertech.com/ec2-elb-godaddy-cert/

brakertech
2

If you open your files in a text editor you will see

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----


-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----

the chain would probably be gd_bundle.crt

I gave my certificate name the same name as the public key mydomain.com.crt

The Private Key came from making a text version of the key:
sudo openssl rsa -in /etc/ssl/certs/mydomain.key -text
(this would be the path to your file on the server) /etc/ssl/certs/

The Public Key will most likely be mydomain.com.crt

And the Certificate Chain will prob be gd_bundle.crt

t q