Data Design Systems


We post new blogs every month. If you would like to learn more about a specific topic please contact us and let us know!

Latest Blogs


Share this


513-766-9111


312 Walnut St #1600, Cincinnati, OH 45202


contact@datadesignsystems.com


 

mobile-logo
Data Design Systemscode snippets how to install ssl cert on ec2
how to install ssl cert on ec2

how to install ssl cert on ec2

July 16, 2018
by brad0525
0likes
0 Comments

When I began working with AWS and EC2 I learned how to install ssl cert on ec2 . I also learned it is not as simple as using cPanel or WHM. Below I have listed out a few steps that you can follow that should help with the installation of an SSL cert….This tutorial will assume you are working with an EC2 instance running AWS linux.

To begin the process of installing an SSL cert or generating a CSR you must first make sure that mod_ssl is installed….Depending on which version of PHP you are using will depending on which version of mod_ssl you will install. See below for PHP7 and lower…Also remember we are assuming you are working with an AWS Linux EC2 instance.

PHP7
[cc lang=”html” width=”100%”]yum install mod24_ssl[/cc]

PHP < 7
[cc lang=”html” width=”100%”]yum install mod_ssl[/cc]

First you must generate the CSR..To do so follow the commands below. You will be asked a series of questions. Make sure to answer them accordingly. Once you are done answering the questions the CSR creation will be complete.

[cc lang=”html” width=”100%”]openssl genrsa 2048 > private-key.pem
openssl req -new -key private-key.pem -out csr.pem[/cc]

Next we need to view, copy, and paste the CSR into the SSL vendors input. To do so simply type the following command to see if the file exists.

[cc lang=”html” width=”100%”]ls -l[/cc]
[cc lang=”html” width=”100%”]sudo vi csr.pem[/cc]

Now paste the CSR into the input of the SSL provider.  Once the SSL provider issues the cert you will need to download the cert for Apache (assuming you are using Amazon Linux). The next step is to add the cert and bundle cert to your server. To do this use the follow code below. Replace the “xxxxxxxxxxxxxxxxxx.crt” with the cert file name and then paste the cert content in and save. Then do the same with the “bundle.crt” and make sure to change the name.

[cc lang=”html” width=”100%”]sudo vi xxxxxxxxxxxxxxxxxx.crt
sudo vi  bundle.crt[/cc]

Once the SSL provider issues the cert you will need to download the cert for Apache (assuming you are using Amazon Linux). The next steps involve us moving the SSL cert to a location on the server that we will be able to find easily. I typically move my certs to  the /etc/httpd/conf  folder…Use the following commands to do this.. Make sure to replace “xxxxxxxxxxxxxxxxxx.crt” , “bundle.crt”, and “private-key.pem” to use the name of the files on your server.

[cc lang=”html” width=”100%”]sudo cp private-key.pem /etc/httpd/conf/private-key.pem
sudo xxxxxxxxxxxxxxxxxx.crt /etc/httpd/conf/xxxxxxxxxxxxxxxxxx.crt
sudo cp bundle.crt /etc/httpd/conf/bundle.crt[/cc]

Next we need to edit the ssl.conf file located at “etc/httpd/conf.d/ssl.conf” to open this file use the code below.

[cc lang=”html” width=”100%”]sudo vi /etc/httpd/conf.d/ssl.conf[/cc]

Install SSL Cert on EC2 Instance

Install SSL Cert on EC2 Instance

At the very top of the file below any of the code use the following snippet and add your domain. Make sure to fill in the “xxxxxxxx” information with your servers…

ServerName xxxxxxxxx.com   (you can comment this out if you do not have it)
ServerAlias xxx.xxxxxxxxxx.com    (the domain or sub domain for the website….www.xxxxx.com or sub.xxxxx.com or xxxxxxx.com)
Redirect / https://xxx.xxxxxxxxxx.com/     (This is redirecting all traffic from http to https…make sure you add your domain where the xxxxxx are)         

[cc lang=”html” width=”100%”]
<VirtualHost *:80>
#DocumentRoot “/www/var/html”
ServerName xxxxxxxxx.com
ServerAlias xxx.xxxxxxxxxx.com
Redirect / https://xxx.xxxxxxxxxx.com/
# Other directives here
</VirtualHost>

[/cc]

Next we need to add the correct cipher…You will see in the snippet below I have commented out two items and added 1..Please do the exact same.

[cc lang=”html” width=”100%”]
#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
#SSLProxyCipherSuite HIGH:MEDIUM:!aNULL:!MD5

SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL

[/cc]

Lastly we need to update the key file locations….Make sure you find the following and comment them out first..They add the correct ones back in using the snippet below..

  • #SSLCertificateFile
  • #SSLCertificateKeyFile
  • #SSLCertificateChainFile

[cc lang=”html” width=”100%”]
SSLCertificateFile /etc/httpd/conf/xxxxxxxx.crt
SSLCertificateKeyFile /etc/httpd/conf/private-key.pem
SSLCertificateChainFile /etc/httpd/conf/bundle.crt
[/cc]

Finally you  can save and quit the ssl.conf configuration. Once this is complete the SSL cert is installed..Last thing you need to do is restart apache by following the snippet below. You should get ok,ok…If you do not get 2 OK’s then something in the configuration is wrong…

Once I confirm I have 2 OK’s I navigate to https://www.sslshopper.com/ssl-checker.html and enter my url to confirm the SSL is setup correctly.

[cc lang=”html” width=”100%”]
sudo service httpd restart
[/cc]

Once you understand how to setup and SSL cert the process seems to flow much quicker.  If you need help setting up an SSL cert on your EC2 instance feel free to email or call us.

code snippets
Share
How to setup AWS RDS triggers Previous

No Comments

Leave a reply