How to Install SSL on AWS That We Bought from Another Vendor

How to Install an SSL Certificate on AWS Purchased from a Third-Party Vendor

✨ Keeping your website secure with an SSL certificate is critical for protecting the information exchanged between your website and its visitors. If you’ve purchased an SSL certificate from a third-party vendor and need to install it on an AWS-hosted application, here’s a simple guide to help you through the process. ✨


Step 1: Generate a Certificate Signing Request (CSR)

✨ To begin, you’ll need to generate a Certificate Signing Request (CSR). This is a vital step for obtaining an SSL certificate from your vendor. ✨

  1. Access Your EC2 Instance:
    • Log in to your AWS Management Console.
    • Navigate to the EC2 dashboard and connect to your instance via SSH.
  2. Generate the CSR and Private Key: Run the following OpenSSL command:

       openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

    • Fill in the requested information, such as your domain name and organization name.
    • This process generates your private key (yourdomain.key) and CSR (yourdomain.csr). Because of -nodes, the private key is written unencrypted, so keep it on the server and restrict who can read it.
  3. Submit the CSR to the Vendor:
    • Share the CSR (only the CSR, never the private key) with your SSL vendor to receive the certificate files.

Step 2: Upload the Certificate to AWS Certificate Manager (ACM)

✨ Once your vendor provides the necessary files, you’ll need to upload them to AWS Certificate Manager. ✨

Your vendor should provide:

  • A certificate file (e.g., yourdomain.crt)
  • Intermediate and root certificates (e.g., ca_bundle.crt)
  1. Navigate to ACM in AWS:
    • Open the AWS Management Console and go to the ACM service.
    • Select Import a Certificate.
  2. Upload the Files:
    • Upload the certificate, private key, and certificate chain (intermediate and root certificates).
    • Click Next and follow the prompts to complete the process.

Note: If you’re using services like Elastic Load Balancer (ELB), you can directly associate the certificate in ACM.


Step 3: Install the SSL Certificate on Your Server

✨ Prefer installing the certificate directly on your server? No problem! Follow these steps. ✨

  1. Transfer the Certificate Files to Your Instance: Securely copy the following files to your server using scp or another method:
    • Private key (yourdomain.key)
    • Certificate file (yourdomain.crt)
    • Certificate chain (ca_bundle.crt)
  2. Update Your Web Server Configuration:
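    • For Apache: Open your Apache configuration file (e.g., /etc/httpd/conf.d/ssl.conf or /etc/apache2/sites-available/default-ssl.conf) and set up the HTTPS virtual host:

        <VirtualHost *:443>
            ServerName yourdomain.com
            DocumentRoot /var/www/html
            SSLEngine on
            SSLCertificateFile /path/to/yourdomain.crt
            SSLCertificateKeyFile /path/to/yourdomain.key
            # Obsolete since Apache 2.4.8, where SSLCertificateFile can also hold the intermediates
            SSLCertificateChainFile /path/to/ca_bundle.crt
        </VirtualHost>

      Save the file and restart Apache (the service is named httpd rather than apache2 on distributions that use /etc/httpd):

        sudo systemctl restart apache2

    • For Nginx: Open your Nginx configuration file (e.g., /etc/nginx/sites-available/default) and set up the HTTPS server block:

        server {
            listen 443 ssl;
            server_name yourdomain.com;
            # Nginx sends clients only what is in this file, so it must contain
            # the server certificate followed by the intermediates from ca_bundle.crt
            ssl_certificate /path/to/yourdomain.crt;
            ssl_certificate_key /path/to/yourdomain.key;
            # Used to verify OCSP responses and client certificates; not sent to clients
            ssl_trusted_certificate /path/to/ca_bundle.crt;
            location / {
                root /var/www/html;
            }
        }

      Save the file and restart Nginx:

        sudo systemctl restart nginx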
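
Before importing the files into ACM in Step 2 or restarting the web server in Step 3, it helps to confirm locally that the private key belongs to the certificate, that the certificate verifies against the vendor's bundle, and that it has not expired. The script below is an added example, not part of the original guide; the function names are made up for illustration, it assumes bash and the openssl CLI, and the demo files are a throwaway CA and certificate constructed on the spot.

```bash
#!/usr/bin/env bash
# Pre-flight checks for yourdomain.key / yourdomain.crt / ca_bundle.crt.

# True only if the private key and the certificate carry the same public key.
key_matches_cert() {                      # <key> <cert>
  local from_key from_cert
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# True only if the certificate chains to a root contained in the bundle.
chain_verifies() {                        # <cert> <ca_bundle>
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# True only if the certificate is still valid N seconds from now.
valid_for() {                             # <cert> <seconds>
  openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Run all checks; non-zero exit status if any of them fails.
preflight() {                             # <key> <cert> <ca_bundle>
  local rc=0
  key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
  chain_verifies "$2" "$3"   || { echo "FAIL: certificate does not verify against bundle"; rc=1; }
  valid_for "$2" 0           || { echo "FAIL: certificate has expired"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: $2"
  return "$rc"
}

# Constructed sample data: throwaway root CA, leaf for yourdomain.com, unrelated key.
make_demo_files() {                       # <dir>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$1/ca.key" -out "$1/ca_bundle.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=yourdomain.com" \
    -keyout "$1/yourdomain.key" -out "$1/yourdomain.csr" 2>/dev/null
  openssl x509 -req -in "$1/yourdomain.csr" -days 1 -CAcreateserial \
    -CA "$1/ca_bundle.crt" -CAkey "$1/ca.key" -out "$1/yourdomain.crt" 2>/dev/null
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo=$(mktemp -d) && make_demo_files "$demo"
preflight "$demo/yourdomain.key" "$demo/yourdomain.crt" "$demo/ca_bundle.crt"
preflight "$demo/other.key" "$demo/yourdomain.crt" "$demo/ca_bundle.crt" || echo "(wrong key rejected, as expected)"
rm -rf "$demo"
```

With the real files, call preflight with the paths to yourdomain.key, yourdomain.crt and ca_bundle.crt and proceed only if it exits with status 0.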

Step 4: Test Your SSL Installation

✨ Finally, ensure your SSL installation is working correctly. ✨

  1. Open Your Website: Visit your website using https://yourdomain.com to confirm that no security warnings appear.
  2. Use an SSL Checker Tool: Validate the certificate setup with tools like SSL Labs.