We bought our SSL from Comodo through name.com, as we got a better deal there. After we sent them our signed key, Comodo sent us the following files via email, against my private key. Now I will blog about how I set the whole thing up on AWS.
First of all, before purchasing, I had to send them a key which I had generated with OpenSSL using the following command:
openssl req \
  -newkey rsa:2048 -nodes -keyout domain.key \
  -out domain.csr
That was pretty easy. And as we had bought Comodo Essential SSL Wildcard, we could buy it without verifying our company, fairly easily, in less than 5 minutes.
After our successful purchase, Comodo sent us the following files as a zip to my email:
domain_com.crt is our Primary Certificate,
COMODORSAAddTrustCA.crt is our Intermediate Certificate, and
AddTrustExternalCARoot.crt is the Root Certificate.
Now it gets a little bit tricky, because currently our certificates are in .crt format, but we want them to be in *.pem format. So we need to convert them:
openssl x509 -in ./AddTrustExternalCARoot.crt -outform pem -out ./pem/AddTrustExternalCARoot.pem
openssl x509 -in ./COMODORSAAddTrustCA.crt -outform pem -out ./pem/COMODORSAAddTrustCA.pem
openssl x509 -in ./COMODORSADomainValidationSecureServerCA.crt -outform pem -out ./pem/COMODORSADomainValidationSecureServerCA.pem
openssl x509 -in ./domain_com.crt -outform pem -out ./domain.pem
We also need the key that was used to create these certificates by Comodo.
openssl rsa -in ./domain.key -outform PEM -out domain.key.pem
Let's create the chain first:
$ cat ./pem/COMODORSADomainValidationSecureServerCA.pem > ./CAChain.pem
$ cat ./pem/COMODORSAAddTrustCA.pem >> ./CAChain.pem
$ cat ./pem/AddTrustExternalCARoot.pem >> ./CAChain.pem
Now you need to log in to your AWS console and search for ACM (Amazon Certificate Manager), and if it is your first time you need to click on
It is time to import your certificate to ACM. At the form where it says
Certificate body* please paste
domain.key.pem and at Certificate chain paste
So that's it, we are done importing.
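An added example, not part of the original post: a Bash pre-import check for the files produced above, followed by the equivalent import through the AWS CLI. It assumes openssl and the AWS CLI are installed and that domain.pem, domain.key.pem and CAChain.pem sit in the current directory; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: pre-import checks for the PEM files built above.
# File names are the ones this post produces; run from their directory.

# Succeed only if the certificate and private key hold the same public key.
key_matches_cert() {  # usage: key_matches_cert <cert.pem> <key.pem>
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# Print the requested name field (subject|issuer) without its label.
cert_name() {  # usage: cert_name <subject|issuer> <cert.pem>
  openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed "s/^$1= *//"
}

# Succeed only if the leaf is issued by the first bundle entry and every
# bundle entry is issued by the entry after it (name chaining only).
chain_is_ordered() {  # usage: chain_is_ordered <leaf.pem> <chain.pem>
  local dir expected f rc=0
  dir=$(mktemp -d) || return 2
  # Split the bundle: one numbered file per PEM certificate block.
  awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ { f = sprintf("%s/%03d.pem", d, ++n) }
                   f { print > f }' "$2"
  expected=$(cert_name issuer "$1")
  for f in "$dir"/*.pem; do
    [ -e "$f" ] && [ "$(cert_name subject "$f")" = "$expected" ] || { rc=1; break; }
    expected=$(cert_name issuer "$f")
  done
  rm -rf "$dir"
  return "$rc"
}

# Import with the AWS CLI once both checks pass (needs configured credentials).
import_to_acm() {
  key_matches_cert domain.pem domain.key.pem || { echo "key does not match certificate" >&2; return 1; }
  chain_is_ordered domain.pem CAChain.pem || { echo "chain is out of order" >&2; return 1; }
  aws acm import-certificate \
    --certificate fileb://domain.pem \
    --private-key fileb://domain.key.pem \
    --certificate-chain fileb://CAChain.pem
}

if [ "${1:-}" = "import" ]; then import_to_acm; fi
```

The chain check compares issuer and subject names only; it does not verify signatures or expiry dates.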
Now, if you have a load balancer, you can take advantage of this SSL. If you have an existing
load balancer or feel free to create one, where at the place of
https instead of http and for certificate choose acm and your domain.
You are good to go.