Install SSL certificates on AWS EC2 (Amazon Linux AMI) using "RapidSSL" | Samir Dixit
Steps to install an SSL certificate from RapidSSL on your AWS EC2 (Amazon Linux AMI) instance running a LAMP server
The following steps install an SSL certificate on an AWS EC2 (Amazon Linux AMI) instance running a LAMP server.
- Install mod_ssl on your EC2 instance.
sudo yum install -y mod24_ssl
- Get SSL certificates for your domain from RapidSSL
- Once you purchase the certificate, you will need to submit a request to generate the certificates, using a CSR generated on your server.
- To generate the CSR, SSH into your server and execute the following command:
openssl req -new -newkey rsa:4096 -nodes -keyout private.key -out certificate.csr
- You will be asked to enter info related to your website, e.g.:
Country Name (2 letter code) [XX]: IN
State or Province Name (full name) []: Chandigarh
Locality Name (eg, city) [Default City]: Chandigarh
Organization Name (eg, company) [Default Company Ltd]: XYZ Pvt Ltd
Organizational Unit Name (eg, section) []: BLOG
Common Name (eg, your name or your server's hostname) []: mydomain.com
Email Address []: admin@mydomain.com
- After submitting the request successfully, you will get a link to download the certificates.
- Select "Apache" in the "Server Platform" field.
- Upload the certificate files to the following locations on your EC2 instance:
  - /etc/pki/tls/private/private.key
    - The private.key file is the one created in step 2.b above.
  - /etc/pki/tls/certs/certificate.crt
    - You will get this file in step 2.c above.
    - It will be named something like {some random string}_your_domain_name.crt; rename it to certificate.crt.
  - /etc/pki/tls/certs/DigiCertCA.crt
    - You will get this file in step 2.c above.
    - It will be named something like {some random string}_DigiCertCA.crt; rename it to DigiCertCA.crt.
- Edit the /etc/httpd/conf.d/ssl.conf file to use the above paths:
SSLCertificateFile /etc/pki/tls/certs/certificate.crt
SSLCertificateKeyFile /etc/pki/tls/private/private.key
SSLCertificateChainFile /etc/pki/tls/certs/DigiCertCA.crt
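Before Apache loads the new configuration, it is worth confirming that the three uploaded files belong together and that the unencrypted private key is not readable by other users. The script below is an added example, not part of the original post: the function names are made up for illustration, and it assumes OpenSSL 1.0.2 or later (for -partial_chain) and GNU stat.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks for the three
# files that ssl.conf points at. All function names are hypothetical.

# 0 when the certificate and the private key contain the same public key.
cert_matches_key() {    # cert_matches_key certificate.crt private.key
    _cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    _key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$_cert_pub" ] && [ "$_cert_pub" = "$_key_pub" ]
}

# 0 when the intermediate certificate is the issuer of the server certificate.
# -partial_chain lets the intermediate act as the trust anchor for this check.
chain_issued_cert() {   # chain_issued_cert DigiCertCA.crt certificate.crt
    openssl verify -partial_chain -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 when group and others have no permission bits on the key (0600, 0400).
key_is_private() {      # key_is_private private.key
    _mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0$_mode & 077 )) -eq 0 ]
}

# Runs all three checks, reports each failure, returns the number of failures.
check_tls_files() {     # check_tls_files certificate.crt private.key DigiCertCA.crt
    _fail=0
    cert_matches_key "$1" "$2"  || { echo "FAIL: $1 does not belong to $2"; _fail=$((_fail+1)); }
    chain_issued_cert "$3" "$1" || { echo "FAIL: $3 did not issue $1"; _fail=$((_fail+1)); }
    key_is_private "$2"         || { echo "FAIL: $2 is accessible to group/others"; _fail=$((_fail+1)); }
    [ "$_fail" -eq 0 ] && echo "OK: certificate, key and chain are consistent"
    return "$_fail"
}

# Usage on the server, with the paths from this post:
# check_tls_files /etc/pki/tls/certs/certificate.crt \
#     /etc/pki/tls/private/private.key /etc/pki/tls/certs/DigiCertCA.crt
```

A key that fails the last check can be corrected with chmod 600 on /etc/pki/tls/private/private.key.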
Make sure that HTTPS traffic is allowed on your server.
For more details check https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-ami.html
Note:
Sometimes you might also have to add a chain certificate.
In that case, visit https://whatsmychaincert.com and test whether your server is using the correct chain certificate.
If not, you can get the chain certificate from RapidSSL and upload it to /etc/pki/tls/certs/server-chain.crt.
Make sure to edit /etc/httpd/conf.d/ssl.conf to use the appropriate path of the chain certificate.