NOTE: You will also need the private key that you used to create the CSR (certificate signing request).

It was a bit trying attempting to figure out how to get our Verisign SSL to install correctly on our AWS ELB. Here were the steps we used.

Grab the Certs from Verisign

  1. Navigate to the certificate page for your domain. Click Download your certificate.
  2. Select the radio button for “Other server / I don’t know” and click Download certificate.
  3. Copy and paste the contents of each box into a separate text file. (Feel free to use your real domain in the filenames.)

| Textarea labeled | Save as local file |
|---|---|
| Primary Intermediate Certificate | intermediate_1.my_domain.crt |
| Secondary Intermediate Certificate | intermediate_2.my_domain.crt |
| End Entity Certificate | public.my_domain.crt |

Insert into ELB

If you are creating a new server, follow the wizard until you get to the SSL part, then come back to this blog post. I am replacing my existing cert – thanks, Heartbleed! For this, I find my existing ELB, navigate to the “Listeners” tab, and click the Change link next to my current SSL certificate.

You should see a form like this:

NOTE: Notice the textareas read “pem encoded”. Assuming that you followed the previous steps and chose the X.509 format from Verisign, no conversion is necessary. Give the certificate a name. Possibly include the date for future reference.

Important Note 1: The order of the certificates matters!! The chain certificate is the 2nd intermediate certificate followed immediately by the 1st intermediate certificate. This threw me for a bit.

Make it easier on yourself and create a chained cert file like so.

$ cat intermediate_2.my_domain.crt intermediate_1.my_domain.crt > chain.my_domain.crt

Important Note 2: The certificate chain reads “optional.” It is not optional! We omitted it and all of the mobile browsers wouldn’t accept the cert. Don’t do what I did. Don’t be a lazy jerkwad.

Copy and paste the contents of the following local files into the proper text areas:

| Local file | Textarea labeled |
|---|---|
| [your private key] | Private Key:* |
| public.my_domain.crt | Public Key Certificate:* |
| chain.my_domain.crt | Certificate Chain: |

Click Save and you should be ready to rock and roll.
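Both mistakes this post warns about, a key that does not belong to the certificate and a chain in the wrong order, can be caught locally with openssl before anything is pasted into the form. The script below is an added example, not part of the original post; the function names are made up for it, and `my_domain.key` is a placeholder for whatever your private key file is called.

```bash
#!/usr/bin/env bash
# Added example: local checks to run before pasting into the ELB form.
# Function names are made up for this example; file names follow the post.

# Succeeds when the private key and the end-entity certificate carry the same public key.
key_matches_cert() {            # usage: key_matches_cert <private key> <certificate>
  local from_key from_cert
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Succeeds when every certificate names the next one as its issuer, reading the
# end-entity certificate first and then the chain file top to bottom.
# Only issuer/subject names are compared; signatures are not verified here.
chain_in_order() {              # usage: chain_in_order <certificate> <chain file>
  local tmp f issuer="" subject pos=0 rc=0
  tmp=$(mktemp -d) || return 2
  # Write each PEM certificate to its own numbered file, preserving order.
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { f = sprintf("%s/%03d.pem", d, ++n) }
                   f { print > f }' "$1" "$2"
  [ -e "$tmp/002.pem" ] || { rm -rf "$tmp"; return 2; }   # need a cert plus a chain
  for f in "$tmp"/*.pem; do
    subject=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    if [ "$pos" -gt 0 ] && [ "$issuer" != "$subject" ]; then
      echo "position $pos: expected '$issuer' but found '$subject'" >&2
      rc=1
    fi
    issuer=$(openssl x509 -in "$f" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    pos=$((pos + 1))
  done
  rm -rf "$tmp"
  return "$rc"
}

# Typical use with the files from this post (my_domain.key is a placeholder name):
#   key_matches_cert my_domain.key public.my_domain.crt && echo "key matches"
#   chain_in_order public.my_domain.crt chain.my_domain.crt && echo "chain order ok"
```

A return code of 2 means a file could not be read or the chain file held no certificate; 1 from `chain_in_order` means the certificates are present but in the wrong order.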


16 April 2014