Verisign SSL on an AWS ELB
NOTE: You will also need the private key that you used to create the CSR (certificate signing request).
It took some trial and error to figure out how to get our Verisign SSL certificate to install correctly on our AWS ELB. Here are the steps we used.
Grab the Certs from Verisign
- Navigate to the certificate page for your domain. Click Download your certificate.
- Select the radio button for “Other server / I don’t know” and click Download certificate.
- Copy and paste the contents of each box into a separate text file (feel free to use your real domain in the filenames).
|Textarea labeled|Save as local file|
|---|---|
|Primary Intermediate Certificate|intermediate_1.my_domain.crt|
|Secondary Intermediate Certificate|intermediate_2.my_domain.crt|
|End Entity Certificate|public.my_domain.crt|
Insert into ELB
If you are creating a new server, follow the wizard until you get to the SSL part, then come back to this blog post. I am replacing my existing cert (thanks, Heartbleed!). For this, I find my existing ELB, navigate to the “Listeners” tab, and click the Change link next to my current SSL certificate.
You should see a form like this:
NOTE: Notice the textareas read “pem encoded”. Assuming that you followed the previous steps and chose the X.509 format from Verisign, no conversion is necessary. Give the certificate a name. Possibly include the date for future reference.
Important Note 1: The order of the certificates matters!! The chain certificate is the 2nd intermediate certificate followed immediately by the 1st intermediate certificate. This threw me for a bit.
Make it easier on yourself and create a chained cert file like so.
$ cat intermediate_2.my_domain.crt intermediate_1.my_domain.crt > chain.my_domain.crt
Important Note 2: The certificate chain reads “optional.” It is not optional! We omitted it and all of the mobile browsers wouldn’t accept the cert. Don’t do what I did. Don’t be a lazy jerkwad.
Copy and paste the contents of the following local files into the proper text areas:
|Local file|Textarea labeled|
|---|---|
|[your private key]|Private Key:*|
|public.my_domain.crt|Public Key Certificate:*|
Click Save and you should be ready to rock and roll.
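A pre-upload check for the chain-order and private-key pitfalls described above, as an added example that is not part of the original post. It assumes the `openssl` command-line tool is installed; the function names `chain_in_order` and `key_matches_cert` are made up here, and the order check compares issuer and subject name hashes only, without verifying signatures.

```shell
#!/bin/sh
# Added example (not from the original post). Requires the openssl CLI.

# chain_in_order END_ENTITY_CERT CHAIN_FILE
# Succeeds when the first certificate in CHAIN_FILE is the issuer of the
# end-entity certificate and every later one is the issuer of the one before it.
chain_in_order() {
    tmp=$(mktemp -d) || return 2
    # Split the PEM bundle into $tmp/cert.1, $tmp/cert.2, ... and count them.
    count=$(awk -v dir="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (dir "/cert." n) } END { print n + 0 }' "$2")
    want=$(openssl x509 -in "$1" -noout -issuer_hash)
    i=1
    rc=0
    [ "$count" -gt 0 ] || rc=1          # an empty chain file is a failure
    while [ "$i" -le "$count" ]; do
        have=$(openssl x509 -in "$tmp/cert.$i" -noout -subject_hash)
        if [ "$have" != "$want" ]; then
            echo "chain cert #$i did not issue the certificate before it" >&2
            rc=1
            break
        fi
        want=$(openssl x509 -in "$tmp/cert.$i" -noout -issuer_hash)
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return $rc
}

# key_matches_cert PRIVATE_KEY CERT
# Succeeds when the public half of the private key equals the key in the cert.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$1" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Run directly as: ./check.sh public.my_domain.crt chain.my_domain.crt KEYFILE
if [ "$#" -eq 3 ]; then
    chain_in_order "$1" "$2" && echo "chain order OK" || echo "chain order WRONG"
    key_matches_cert "$3" "$1" && echo "key matches cert" || echo "key MISMATCH"
fi
```

If the order check fails on chain.my_domain.crt, rebuild the file with the two intermediates swapped and run it again before pasting anything into the form.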