1

I've read through this: Install SSL on Amazon Elastic Load Balancer with GoDaddy Wildcard Certificate but am still a bit unsure.

I have a subdomain: platform.mysite.com that is pointed to an ELB in Amazon.

That ELB has 5 instances that it sits in front of.

I read through this: http://www.nczonline.net/blog/2012/08/15/setting-up-ssl-on-an-amazon-elastic-load-balancer/ as well and can figure most of it out except I'm lost as to generating the CSR. Which machine do I do it on?

Do I need the same CSR for every instance?

Thanks

Shamoon

1 Answer

1

It doesn't matter which machine you create the private key or csr on, just so long as the machine is secure. I use openssl to create the csr:

openssl req -new -newkey rsa:2048 -nodes -out csr.pem -keyout privkey.pem

You only need a third party signed certificate for ELB, not the other instances. You can use a self-signed certificate for the instances, or, if you're comfortable, you can choose to make your traffic from the instances to the load balancer be regular http. The load balancer works independently of the instances as far as ssl goes.

Update: There are a couple of other things you are going to need to know. You will have to decrypt the private key:

openssl rsa -in privkey.pem -out decryptedprivkey.pem

You might not be able to use the web-based certificate upload feature of the AWS Console because of GoDaddy's intermediate certificate. To do this I use the IAM CLI from Amazon:

iam-servercertupload --aws-credential-file aws-credential.properties -b yourdomain.crt -c gd_bundle.crt -k decryptedprivkey.pem -s yourcertificatename
Edwin
  • I don't really have much knowledge with the iam CLI... is there no way for me to upload the intermediate file? – Shamoon Jan 09 '13 at 22:20
  • Not that I know of. The command line is not hard, though. Just download and extract them to a directory and put your credentials in the file provided, and you're ready to go. – Edwin Jan 09 '13 at 23:41
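An added example, not part of the original answer or comments: the CSR step from the answer wrapped with the two checks worth doing before anything is uploaded to the ELB, namely that the private key file is readable only by its owner and that the CSR and the issued certificate carry the same public key as that key. The function names, file names and `*.example.com` are placeholders, and the self-signing step only stands in for the CA so the check runs offline.

```shell
#!/bin/sh
# Added example. File names and *.example.com are placeholders.

# Create an RSA-2048 key and CSR for common name $2 in directory $1.
make_csr() {
    ( umask 077    # private key must be readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
          -keyout "$1/privkey.pem" -out "$1/csr.pem" 2>/dev/null )
}

# Print a SHA-256 fingerprint of the public key inside a key, csr or cert.
pubkey_fp() {
    case $1 in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1   # unreadable input must not hash as "empty"
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# same_key KEYFILE KIND FILE: succeed only if both hold the same public key.
same_key() {
    a=$(pubkey_fp key "$1") && b=$(pubkey_fp "$2" "$3") && [ "$a" = "$b" ]
}

# Stand-in for the CA: self-sign the CSR so the check can run offline.
selfsign_for_demo() {
    openssl x509 -req -in "$1/csr.pem" -signkey "$1/privkey.pem" \
        -days 1 -out "$1/cert.pem" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_csr "$d" '*.example.com' && selfsign_for_demo "$d" || return 1
    ls -l "$d/privkey.pem"
    same_key "$d/privkey.pem" csr  "$d/csr.pem"  && echo "CSR matches key"
    same_key "$d/privkey.pem" cert "$d/cert.pem" && echo "cert matches key"
    rm -rf "$d"
}
demo
```

With a real certificate, run `same_key privkey.pem cert yourdomain.crt` before the upload; a mismatch means the certificate was issued for a different CSR.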