{"id":534,"date":"2019-09-23T08:24:33","date_gmt":"2019-09-23T08:24:33","guid":{"rendered":"https:\/\/www.rapidsslonline.com\/ssl\/?p=534"},"modified":"2019-09-23T08:24:34","modified_gmt":"2019-09-23T08:24:34","slug":"how-to-install-an-ssl-certificate-on-aws-ec2-instance","status":"publish","type":"post","link":"https:\/\/www.rapidsslonline.com\/ssl\/how-to-install-an-ssl-certificate-on-aws-ec2-instance\/","title":{"rendered":"How to Install an SSL Certificate on AWS EC2 Instance"},"content":{"rendered":"\n<p>Amazon Web Services (AWS) offers building\nblocks that give us a scalable, low-cost infrastructure to support new\napplications and virtual servers. They can be adjusted as per business demands\nwithout any commitments, only paying for what you need. Knowing how to install\nan SSL certificate on an AWS EC2 instance seems like a super tricky process,\nbut it doesn\u2019t have to be. <\/p>\n\n\n\n<p>Installing SSL\/TLS certificates on the web server\nis of utmost importance because it helps to prevent your website from being\nflagged as \u201dnot secure.\u201d It also allows for secure, encrypted communication\nwith HTTPS enabled and builds trust so that the end-user does not get any\nsecurity warnings when visiting your site. <\/p>\n\n\n\n<p>Installing and configuring SSL\/TLS\ncertificates on AWS is a fairly simple process \u2014 but here are a few things\nyou\u2019ll need before you can get started.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Prerequisites for Installing an SSL Certificate on AWS<\/strong><\/h2>\n\n\n\n<p>Before you can start the installation\nprocess, you\u2019ll need to have your SSL certificate in hand. We assume that you\nalready purchased a certificate since you\u2019re looking for directions on how to\ninstall one. However, if you don\u2019t have one yet, you can purchase one from us\nat a significantly discounted cost: <\/p>\n\n\n\n<p>Now that you have purchased your\ncertificate, you can move forward. Here\u2019s everything you\u2019ll need to install an\nSSL certificate on your AWS EC2 instance: <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Server certificate:<\/strong> This is the certificate that you received from the CA, possibly via\nemail.<\/li><li><strong>Intermediate certificates:<\/strong> If you received the certificate in a zip folder, it should also\ncontain these certificates, if not, download the CA Bundle for your\ncertificate.<\/li><li><strong>Private key:<\/strong> It should be in your possession or on the server.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Installation Steps for Adding an SSL Certificate to an EC2 Instance<\/strong><\/h2>\n\n\n\n<ol class=\"wp-block-list\"><li> Convert the certificates (the ones received from the CA would be in .crt format) to PEM format either by using an <a href=\"https:\/\/www.httpcs.com\/en\/ssl-converter\">online conversion tool<\/a> or by using the OpenSSL library: <strong>openssl x509 -in my_certificate.crt -out my_certificate.pem -outform PEM<\/strong><\/li><li>Go to your Amazon management console and log in.<\/li><li>From there go to the EC2 console.<\/li><li>Choose <strong>Load Balancer<\/strong> from the navigation pane under the network and security section.<\/li><li>Select the load balancer where you want to upload the certificate.<\/li><li>Go to the Listener tab and click on <strong>Edit<\/strong> and then on <strong>Add<\/strong>. Choose HTTPS as the protocol and under SSL certificate select <strong>Change<\/strong> and click on \u201cUpload a new certificate to AWS Identity and Access Management (IAM).\u201d<\/li><li>Fill in the certificate details \u2014 this includes a name, the private key, the public key, and the certificate chain \u2014 by pasting the contents of the file into the designated areas and then click on <strong>Save<\/strong>.<\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Troubleshooting<\/strong><\/h2>\n\n\n\n<p>Sometimes people run into issues when\ninstalling their SSL certificate. Here are a few examples of the snafus people\nrun into and how you can address them:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>The format of the public key, private key and certificate chain must be PEM-encoded<\/strong><\/h3>\n\n\n\n<p>The <strong>private key<\/strong> is the one used to generate the CSR and can\neither be in PKCS #1 format (traditional format) or PKCS #8 (new format).<\/p>\n\n\n\n<p>PKCS #1 format:<br>\n&#8212;&#8211;BEGIN RSA PRIVATE KEY&#8212;&#8211;<br>\nBase64-encoded private key<br>\n&#8212;&#8211;END RSA PRIVATE KEY&#8212;&#8211;<\/p>\n\n\n\n<p>PKCS #8 format:<br>\n&#8212;&#8211;BEGIN PRIVATE KEY&#8212;&#8211;<br>\nBase64-encoded private key<br>\n&#8212;&#8211;END PRIVATE KEY&#8212;&#8211;<\/p>\n\n\n\n<p>If the private key is generated using the OpenSSL genrsa command,\nthe default format is PKCS #8<\/p>\n\n\n\n<p>To convert your PKCS #1 to PKCS #8:<\/p>\n\n\n\n<p>openssl rsa -in newkey.pem\n-out newkey.pem<\/p>\n\n\n\n<p>Remember that you will not be able to retrieve your private key once\nit has been uploaded to the load balancer.<\/p>\n\n\n\n<p>The <strong>public key certificate<\/strong> is the one issued to you by a certificate\nauthority.<\/p>\n\n\n\n<p>&#8212;&#8211;BEGIN CERTIFICATE&#8212;&#8211;<br>\nBase64-encoded private key<br>\n&#8212;&#8211;END CERTIFICATE&#8212;&#8211;<\/p>\n\n\n\n<p>The certificate issued by the CA constitutes the certificate\u2019s chain\nwith a CA bundle. A CA bundle is a file that contains root and intermediate\ncertificates. The chain is required so that your browser can recognize the\ncertificate without throwing any security warnings. It\u2019s usually sent over by\nyour CA authority, or it can be downloaded from the CA\u2019s website or third-party\nsites. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Missing certificate chain<\/strong><\/h2>\n\n\n\n<p>If the intermediate certificates are not installed properly, the\nbrowser will not be able to trace back to the root CA who issued the\ncertificate. This means that the browser will throw up security warnings that\nwill turn away site visitors and customers. It\u2019s only for a self-signed\ncertificate that we do not need the certificate chain (though, we caution, that\nself-signed certificates should not be used in place of standard certificates\non external-facing sites). Run the following command from the terminal to\nestablish if the certificates have been installed correctly:<\/p>\n\n\n\n<p>openssl s_client\n-showcerts -connect enter_domain.com:port_number<\/p>\n\n\n\n<p>If the command returns code: 21 (which means that it\u2019s unable to\nverify the first certificate), it indicates that OpenSSL failed to verify the\ncertificate because of the missing certificate chain. Third-party sites can\nalso be used to check whether the SSL certificates were installed correctly on\nyour server.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Amazon Web Services (AWS) offers building blocks that give us a scalable, low-cost infrastructure to support new applications and virtual servers. They can be adjusted as per business demands without<\/p>\n<div class=\"article-wpr-button\"><a href=\"https:\/\/www.rapidsslonline.com\/ssl\/how-to-install-an-ssl-certificate-on-aws-ec2-instance\/\" class=\"btn btn-green\">Read More<\/a><\/p>\n<div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[42,43],"class_list":{"0":"post-534","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-ssl-advanced","7":"tag-aws-ssl","8":"tag-aws-ssl-with-ec2-instance"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to Install an SSL Certificate on AWS EC2 Instance<\/title>\n<meta name=\"description\" content=\"A complete step-by-step guide for installing an SSL certificate on AWS EC2 instance. It includes openSSL commands also.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.rapidsslonline.com\/ssl\/how-to-install-an-ssl-certificate-on-aws-ec2-instance\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Install an SSL Certificate on AWS EC2 Instance\" \/>\n<meta property=\"og:description\" content=\"A complete step-by-step guide for installing an SSL certificate on AWS EC2 instance. It includes openSSL commands also.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.rapidsslonline.com\/ssl\/how-to-install-an-ssl-certificate-on-aws-ec2-instance\/\" \/>\n<meta property=\"og:site_name\" content=\"SSL\/TLS Certificates\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/rsosslcertificates\/\" \/>\n<meta property=\"article:published_time\" content=\"2019-09-23T08:24:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-09-23T08:24:34+00:00\" \/>\n<meta name=\"author\" content=\"rsossladmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@RSOSSL\" \/>\n<meta name=\"twitter:site\" content=\"@RSOSSL\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"rsossladmin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Install an SSL Certificate on AWS EC2 Instance","description":"A complete step-by-step guide for installing an SSL certificate on AWS EC2 instance. It includes openSSL commands also.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.rapidsslonline.com\/ssl\/how-to-install-an-ssl-certificate-on-aws-ec2-instance\/","og_locale":"en_US","og_type":"article","og_title":"How to Install an SSL Certificate on AWS EC2 Instance","og_description":"A complete step-by-step guide for installing an SSL certificate on AWS EC2 instance. It includes openSSL commands also.","og_url":"https:\/\/www.rapidsslonline.com\/ssl\/how-to-install-an-ssl-certificate-on-aws-ec2-instance\/","og_site_name":"SSL\/TLS Certificates","article_publisher":"https:\/\/www.facebook.com\/rsosslcertificates\/","article_published_time":"2019-09-23T08:24:33+00:00","article_modified_time":"2019-09-23T08:24:34+00:00","author":"rsossladmin","twitter_card":"summary_large_image","twitter_creator":"@RSOSSL","twitter_site":"@RSOSSL","twitter_misc":{"Written by":"rsossladmin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.rapidsslonline.com\/ssl\/how-to-install-an-ssl-certificate-on-aws-ec2-instance\/#article","isPartOf":{"@id":"https:\/\/www.rapidsslonline.com\/ssl\/how-to-install-an-ssl-certificate-on-aws-ec2-instance\/"},"author":{"name":"rsossladmin","@id":"https:\/\/www.rapidsslonline.com\/ssl\/#\/schema\/person\/3e29357f5e5d2c9349d69af7ee7e0361"},"headline":"How to Install an SSL Certificate on AWS EC2 Instance","datePublished":"2019-09-23T08:24:33+00:00","dateModified":"2019-09-23T08:24:34+00:00","mainEntityOfPage":{"@id":"https:\/\/www.rapidsslonline.com\/ssl\/how-to-install-an-ssl-certificate-on-aws-ec2-instance\/"},"wordCount":846,"commentCount":0,"publisher":{"@id":"https:\/\/www.rapidsslonline.com\/ssl\/#organization"},"keywords":["aws ssl","aws ssl with ec2 instance"],"articleSection":["SSL Advanced"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.rapidsslonline.com\/ssl\/how-to-install-an-ssl-certificate-on-aws-ec2-instance\/","url":"https:\/\/www.rapidsslonline.com\/ssl\/how-to-install-an-ssl-certificate-on-aws-ec2-instance\/","name":"How to Install an SSL Certificate on AWS EC2 Instance","isPartOf":{"@id":"https:\/\/www.rapidsslonline.com\/ssl\/#website"},"datePublished":"2019-09-23T08:24:33+00:00","dateModified":"2019-09-23T08:24:34+00:00","description":"A complete step-by-step guide for installing an SSL certificate on AWS EC2 instance. It includes openSSL commands also.","breadcrumb":{"@id":"https:\/\/www.rapidsslonline.com\/ssl\/how-to-install-an-ssl-certificate-on-aws-ec2-instance\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.rapidsslonline.com\/ssl\/how-to-install-an-ssl-certificate-on-aws-ec2-instance\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.rapidsslonline.com\/ssl\/how-to-install-an-ssl-certificate-on-aws-ec2-instance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"SSL Resources","item":"https:\/\/www.rapidsslonline.com\/ssl\/"},{"@type":"ListItem","position":2,"name":"SSL Advanced","item":"https:\/\/www.rapidsslonline.com\/ssl\/ssl-advanced\/"},{"@type":"ListItem","position":3,"name":"How to Install an SSL Certificate on AWS EC2 Instance"}]},{"@type":"WebSite","@id":"https:\/\/www.rapidsslonline.com\/ssl\/#website","url":"https:\/\/www.rapidsslonline.com\/ssl\/","name":"SSL\/TLS Certificates","description":"Secure a website in few minutes with Trusted SSL Certificate","publisher":{"@id":"https:\/\/www.rapidsslonline.com\/ssl\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.rapidsslonline.com\/ssl\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.rapidsslonline.com\/ssl\/#organization","name":"RapidSSLOnline","url":"https:\/\/www.rapidsslonline.com\/ssl\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rapidsslonline.com\/ssl\/#\/schema\/logo\/image\/","url":"https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/10\/rapidsslonline-logo.png","contentUrl":"https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/10\/rapidsslonline-logo.png","width":266,"height":39,"caption":"RapidSSLOnline"},"image":{"@id":"https:\/\/www.rapidsslonline.com\/ssl\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/rsosslcertificates\/","https:\/\/x.com\/RSOSSL","https:\/\/in.linkedin.com\/company\/rapidsslonline-com"]},{"@type":"Person","@id":"https:\/\/www.rapidsslonline.com\/ssl\/#\/schema\/person\/3e29357f5e5d2c9349d69af7ee7e0361","name":"rsossladmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/cf2ab5c0a7dc43f8ef0e96e302af463c71e9fccb9c0392857a20c0cc593a1b65?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/cf2ab5c0a7dc43f8ef0e96e302af463c71e9fccb9c0392857a20c0cc593a1b65?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cf2ab5c0a7dc43f8ef0e96e302af463c71e9fccb9c0392857a20c0cc593a1b65?s=96&d=mm&r=g","caption":"rsossladmin"}}]}},"_links":{"self":[{"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/posts\/534","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/comments?post=534"}],"version-history":[{"count":0,"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/posts\/534\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/media?parent=534"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/categories?post=534"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/tags?post=534"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}