how to install ssl cert on ec2
When I began working with AWS and EC2 I learned how to install ssl cert on ec2 . I also learned it is not as simple as using cPanel or WHM. Below I have listed out a few steps that you can follow that should help with the installation of an SSL cert….This tutorial will assume you are working with an EC2 instance running AWS linux.
To begin the process of installing an SSL cert or generating a CSR you must first make sure that mod_ssl is installed….Depending on which version of PHP you are using will depending on which version of mod_ssl you will install. See below for PHP7 and lower…Also remember we are assuming you are working with an AWS Linux EC2 instance.
PHP7
[cc lang=”html” width=”100%”]yum install mod24_ssl[/cc]
PHP < 7
[cc lang=”html” width=”100%”]yum install mod_ssl[/cc]
First you must generate the CSR..To do so follow the commands below. You will be asked a series of questions. Make sure to answer them accordingly. Once you are done answering the questions the CSR creation will be complete.
[cc lang=”html” width=”100%”]openssl genrsa 2048 > private-key.pem
openssl req -new -key private-key.pem -out csr.pem[/cc]
Next we need to view, copy, and paste the CSR into the SSL vendors input. To do so simply type the following command to see if the file exists.
[cc lang=”html” width=”100%”]ls -l[/cc]
[cc lang=”html” width=”100%”]sudo vi csr.pem[/cc]
Now paste the CSR into the input of the SSL provider. Once the SSL provider issues the cert you will need to download the cert for Apache (assuming you are using Amazon Linux). The next step is to add the cert and bundle cert to your server. To do this use the follow code below. Replace the “xxxxxxxxxxxxxxxxxx.crt” with the cert file name and then paste the cert content in and save. Then do the same with the “bundle.crt” and make sure to change the name.
[cc lang=”html” width=”100%”]sudo vi xxxxxxxxxxxxxxxxxx.crt
sudo vi bundle.crt[/cc]
Once the SSL provider issues the cert you will need to download the cert for Apache (assuming you are using Amazon Linux). The next steps involve us moving the SSL cert to a location on the server that we will be able to find easily. I typically move my certs to the /etc/httpd/conf folder…Use the following commands to do this.. Make sure to replace “xxxxxxxxxxxxxxxxxx.crt” , “bundle.crt”, and “private-key.pem” to use the name of the files on your server.
[cc lang=”html” width=”100%”]sudo cp private-key.pem /etc/httpd/conf/private-key.pem
sudo xxxxxxxxxxxxxxxxxx.crt /etc/httpd/conf/xxxxxxxxxxxxxxxxxx.crt
sudo cp bundle.crt /etc/httpd/conf/bundle.crt[/cc]
Next we need to edit the ssl.conf file located at “etc/httpd/conf.d/ssl.conf” to open this file use the code below.
[cc lang=”html” width=”100%”]sudo vi /etc/httpd/conf.d/ssl.conf[/cc]
Install SSL Cert on EC2 Instance
At the very top of the file below any of the code use the following snippet and add your domain. Make sure to fill in the “xxxxxxxx” information with your servers…
ServerName xxxxxxxxx.com (you can comment this out if you do not have it)
ServerAlias xxx.xxxxxxxxxx.com (the domain or sub domain for the website….www.xxxxx.com or sub.xxxxx.com or xxxxxxx.com)
Redirect / https://xxx.xxxxxxxxxx.com/ (This is redirecting all traffic from http to https…make sure you add your domain where the xxxxxx are)
[cc lang=”html” width=”100%”]
<VirtualHost *:80>
#DocumentRoot “/www/var/html”
ServerName xxxxxxxxx.com
ServerAlias xxx.xxxxxxxxxx.com
Redirect / https://xxx.xxxxxxxxxx.com/
# Other directives here
</VirtualHost>
[/cc]
Next we need to add the correct cipher…You will see in the snippet below I have commented out two items and added 1..Please do the exact same.
[cc lang=”html” width=”100%”]
#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
#SSLProxyCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
[/cc]
Lastly we need to update the key file locations….Make sure you find the following and comment them out first..They add the correct ones back in using the snippet below..
- #SSLCertificateFile
- #SSLCertificateKeyFile
- #SSLCertificateChainFile
[cc lang=”html” width=”100%”]
SSLCertificateFile /etc/httpd/conf/xxxxxxxx.crt
SSLCertificateKeyFile /etc/httpd/conf/private-key.pem
SSLCertificateChainFile /etc/httpd/conf/bundle.crt
[/cc]
Finally you can save and quit the ssl.conf configuration. Once this is complete the SSL cert is installed..Last thing you need to do is restart apache by following the snippet below. You should get ok,ok…If you do not get 2 OK’s then something in the configuration is wrong…
Once I confirm I have 2 OK’s I navigate to https://www.sslshopper.com/ssl-checker.html and enter my url to confirm the SSL is setup correctly.
[cc lang=”html” width=”100%”]
sudo service httpd restart
[/cc]
Once you understand how to setup and SSL cert the process seems to flow much quicker. If you need help setting up an SSL cert on your EC2 instance feel free to email or call us.
Kelembope
Usa Viagra Delivery Erythromycin Price In Las Vegas
Kiadup
albendazole
Dendup
albenza over the counter
Dendup
albenza cost
Kiadup
albendazole
Kiadup
albendazole buy
Dendup
albendazole generic
Sexy girls for the night in your town Canada http://tinyurl.com/y6apdrrt
Sexy girls for the night in your town USA: http://tinyurl.com/y23eptr5
Dendup
albendazole
Sexy girls for the night in your town USA https://clck.ru/GWEtN
The best women for sex in your town Canada: https://clck.ru/GWEcX
Kiadup
albendazole
Dendup
albendazole cost
Kiadup
albendazole over the counter
Kiadup
albenza generic
Dendup
albendazole without prescription
Dendup
cheap albendazole
Kiadup
[url=https://albendazole400.com/]albendazole[/url]
Kiadup
[url=http://albendazole400.com/]albendazole[/url]
Dendup
albenza over the counter
Dendup
albendazole
Kiadup
albendozale purchase
Dendup
albenza generic
Kiadup
buy albendazole
Kiadup
abindazole
Dendup
generic albendazole