Prerequisite: A basic knowledge of AWS services, and you should also know how to SSH to an EC2 instance!
Say you have purchased an SSL certificate from a third party and want to link it to websites hosted on AWS via an EC2 or Beanstalk instance. The following steps apply at the time of writing this blog; since AWS periodically changes its way of doing things, we have to revisit each service every time 🙂
- You need to have the encoded KEY with you
- You need to have the encoded CERT with you
- You need to have the encoded CERTIFICATE CHAIN with you
Note: If you are purchasing the SSL certificate and the domain from a single provider (e.g. GoDaddy), the certificates won't be available for download. You have to log in to cPanel Admin, go to the SSL/TLS section, copy the needed keys from there, and create the files yourself for use with other hosting providers.
ACM (AWS Certificate Manager) is what manages SSL within AWS. It is quite useful for verifying a domain and getting SSL certificates straight from AWS. But when importing a certificate from a third party, just importing it into the ACM dashboard does nothing to make the site HTTPS-enabled. AWS can't automatically put anything on your EC2 instance's EBS volume. You can, however, do anything on an EC2 instance that you can do on any other server. You can't use the certificate from Certificate Manager on your instance; it's not available there (at least until March 2018).
That means we have to work on the EC2 instance where our website is hosted. SSH to the server. Enable SSL on the server using mod_ssl and restart Apache. Then go to the Apache configuration file, enable SSL, and specify the paths of the 3 files (KEY, CERT, CHAIN). In this same file, set up the redirection of the website from HTTP to HTTPS (the same thing we could do in an .htaccess file). Restart Apache once more to make sure the updated configuration is loaded. Now check the website and be proud that you made the site secure (y)
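The Apache side of the steps above, as an added example that is not from the original post: a virtual-host configuration assuming Apache 2.4 with mod_ssl installed. The domain `www.example.com` and all file paths are placeholders.

```apache
# Added example. Assumptions: Apache 2.4 with mod_ssl loaded (its packaged
# ssl.conf normally supplies "Listen 443"); www.example.com and every path
# below are placeholders for your own domain and file locations.

# Port 80 serves no content; it only sends visitors to the HTTPS site.
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/html

    SSLEngine on

    # CERT: the certificate issued for the domain.
    SSLCertificateFile /etc/pki/tls/certs/www.example.com.crt

    # KEY: the private key that belongs to the certificate above.
    # Keep this file owned by root with mode 600; anyone who can read it
    # can impersonate the site.
    SSLCertificateKeyFile /etc/pki/tls/private/www.example.com.key

    # CHAIN: the intermediate certificates from the provider's repository.
    # This directive is deprecated from Apache 2.4.8 onward; there the
    # intermediates can instead be appended to the SSLCertificateFile file,
    # after the site certificate.
    SSLCertificateChainFile /etc/pki/tls/certs/www.example.com-chain.crt
</VirtualHost>
```

Running `apachectl configtest` before each restart reports syntax errors in the file without taking the site down.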
Hint: Every SSL provider has a repository from which the certificate chain can be downloaded. In the case of GoDaddy it is at: https://certs.godaddy.com/repository