Create AWS ELB with Self-Signed SSL Cert
Self-signing SSL Cert
1. Generate a self-signed certificate using this command:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
2. Verify the key and certificate generated
openssl rsa -in privateKey.key -check
openssl x509 -in certificate.crt -text -noout
3. Convert the key and cert into .pem encoded files
openssl rsa -in privateKey.key -text > private.pem
openssl x509 -inform PEM -in certificate.crt > public.pem
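Step 2 inspects the key and the certificate separately. The added example below (not part of the original tutorial) also confirms that the two files belong to each other and that the certificate has not expired, which is worth checking before they are uploaded. The subject name elb.example.test and the function names make_pair, check_pair and demo are assumptions made for this example.

```bash
#!/bin/sh
# Added example: pre-upload sanity check for a key/certificate pair.
# File names follow the tutorial; the CN below is a constructed placeholder.

# make_pair DIR: step 1, made non-interactive with -subj.
make_pair() {
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -subj "/CN=elb.example.test" \
    -keyout "$1/privateKey.key" -out "$1/certificate.crt" 2>/dev/null
}

# check_pair KEY CERT [MIN_SECONDS_LEFT]
# Returns 0 = usable, 1 = key and cert do not match,
#         2 = a file could not be parsed, 3 = cert expires too soon.
check_pair() {
  # Public key derived from the private key (SubjectPublicKeyInfo PEM).
  # "-passin pass:" makes an encrypted key fail instead of prompting.
  key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
  # Public key embedded in the certificate, same encoding.
  cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ "$key_pub" = "$cert_pub" ] || return 1
  # -checkend exits non-zero if the cert expires within N seconds.
  openssl x509 -in "$2" -noout -checkend "${3:-0}" >/dev/null 2>&1 || return 3
  return 0
}

# Demo on a freshly generated, throwaway pair.
demo() {
  d=$(mktemp -d) || return 1
  make_pair "$d" && check_pair "$d/privateKey.key" "$d/certificate.crt"
  rc=$?
  rm -rf "$d"
  if [ "$rc" -eq 0 ]; then echo "pair OK"; else echo "pair rejected (code $rc)"; fi
  return "$rc"
}
demo
```

The same check_pair call works on private.pem and public.pem from step 3, since OpenSSL ignores the text that precedes the PEM block.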
Create Elastic Load Balancer using AWS Console
Sign in to the AWS Console and head to the EC2 dashboard
Go to load balancer and click Create Load Balancer
Select Application Load Balancer
Configure Load balancer
Add new HTTPS Listener
Use the PEM files generated in Self-signing SSL Cert
Create new security group for new ELB
Add internal routing using HTTP
Register targets
Review and create ELB
An error will occur because the certificate uploaded via the GUI cannot be found.
Uploading certificate via CLI
Install AWS CLI
Get AWS Access Keys
Go to IAM Dashboard
Find your user and create access key
Configure AWS CLI
Enter your Access Key ID
Upload the Certificate using AWS IAM CLI
Enter the following command with the correct paths to the key and certificate. The server certificate name is user-defined.
aws iam upload-server-certificate --server-certificate-name CSC --certificate-body file://public.pem --private-key file://private.pem
Create Elastic Load Balancer using AWS Console pt2
Go to 2. Configure Security Settings and choose the new certificate uploaded.
Skip to review and create the ELB
Wait for the ELB to change State
Copy the DNS Name to test it out.
Testing
Original EC2 Instance
ELB Connection
ELB w/ HTTPs
EC2 w/ HTTPS will not work, as the SSL cert is tied to the ELB and not to the EC2 instance.
All the services and access keys created for this tutorial have been terminated/deleted.