Install SSL certificates on AWS EC2 (Amazon Linux AMI) using "RapidSSL"

Category: Tech Stuff | Last updated: April 27, 2021


The following steps install an SSL certificate on an AWS EC2 (Amazon Linux AMI) instance running a LAMP server.

  1. Install mod_ssl on your EC2 instance.
    • sudo yum install -y mod24_ssl
  2. Get SSL certificates for your domain from RapidSSL.
    1. Once you purchase the certificate, you will need to submit a request to generate the certificates, using a CSR generated on your server.
    2. To generate the CSR, SSH into your server and execute the following command:
      1. openssl req -new -newkey rsa:4096 -nodes -keyout private.key -out certificate.csr
      2. You will be asked to enter information about your website, e.g.
        1. Country Name (2 letter code) [XX]: IN
          State or Province Name (full name) []: Chandigarh
          Locality Name (eg, city) [Default City]: Chandigarh
          Organization Name (eg, company) [Default Company Ltd]: XYZ Pvt Ltd
          Organizational Unit Name (eg, section) []: BLOG
          Common Name (eg, your name or your server's hostname) []: mydomain.com
          Email Address []: admin@mydomain.com
    3. After submitting the request successfully, you will get a link to download the certificates, such as the one below:
      1. RapidSSL Download Certificates
        1. Select "Apache" in "Server Platform" field
  3. Upload the certificate files to the following locations on your EC2 instance:
    • /etc/pki/tls/private/private.key
      • The private.key file is the one created in step-2.b above.
    • /etc/pki/tls/certs/certificate.crt
      • You will get this file in step-2.c above.
      • It will have a name such as {some random string}_your_domain_name.crt; rename it to certificate.crt.
    • /etc/pki/tls/certs/DigiCertCA.crt
      • You will get this file in step-2.c above.
      • It will have a name such as {some random string}_DigiCertCA.crt; rename it to DigiCertCA.crt.
  4. Edit the /etc/httpd/conf.d/ssl.conf file to use the above paths.
    • SSLCertificateFile /etc/pki/tls/certs/certificate.crt

      SSLCertificateKeyFile /etc/pki/tls/private/private.key

      SSLCertificateChainFile /etc/pki/tls/certs/DigiCertCA.crt

Make sure that HTTPS traffic is allowed on your server.

For more details check https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-ami.html

Note:

Sometimes you might also have to add a chain certificate.

In that case, visit https://whatsmychaincert.com and test whether your server is using the correct chain certificate.

If not, you can get the chain certificate from RapidSSL and upload it to /etc/pki/tls/certs/server-chain.crt

Make sure to edit /etc/httpd/conf.d/ssl.conf to use the appropriate path of the chain certificate.
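
Before restarting Apache, it helps to confirm that the files from steps 3 and 4 (and the chain certificate from the note above) actually belong together. The script below is an added example, not part of the original post; the script name and function names are hypothetical, and the three file paths are passed as arguments.

```shell
#!/bin/bash
# Added example: sanity checks for the files placed in step 3.
# Usage (run with sudo so the private key is readable):
#   ./check_tls.sh private.key certificate.crt DigiCertCA.crt

# Succeeds only if the certificate carries the public key that belongs
# to this private key. Unreadable or unparsable files count as a mismatch.
key_matches_cert() (
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
)

# Succeeds only if group and others have no permissions on the key file.
# "openssl req -nodes" writes the key unencrypted, so the file mode is
# its only protection on disk.
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Succeeds if the certificate verifies against the system trust store
# with the given intermediate file supplied via -untrusted. The output
# is matched because some older OpenSSL releases exit 0 on failure.
chain_verifies() {
    openssl verify -untrusted "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Run all three checks when called with key, certificate and chain paths.
if [ "$#" -eq 3 ]; then
    status=0
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; status=1; }
    key_is_private "$1"        || { echo "FAIL: key readable by group/other; chmod 600 it"; status=1; }
    chain_verifies "$2" "$3"   || { echo "FAIL: chain does not verify"; status=1; }
    [ "$status" -eq 0 ] && echo "OK: key, certificate and chain are consistent"
    exit "$status"
fi
```

Once the checks pass, `sudo apachectl configtest` validates ssl.conf before httpd is restarted.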
