Setting Up SSL on AWS CloudFront Using Your Own Domain

A 5-minute recipe for setting up SSL on AWS CloudFront using your own domain and your own SSL certificate, from scratch.

Creating the certificate

First, you need to get an SSL certificate for your domain. I bought a Comodo PositiveSSL.

To have the certificate issued, you must generate a certificate signing request (CSR).

We start by creating a key:

$ openssl genrsa -aes256 -out example_com-encrypted.key 2048

Next, we generate the CSR (leave the email field empty):

$ openssl req -new -sha256 -key example_com-encrypted.key -out example_com.csr

Now you can upload the CSR file to your certificate provider.

Once you get your certificate back, you must concatenate all the intermediate certificates into a single file:

$ cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > intermediate.crt

We also need to decrypt the private key (the output file is stored unencrypted, so keep it readable only by your own user):

$ openssl rsa -in example_com-encrypted.key -out example_com.key

Upload to AWS IAM

You can't upload the certificate via the AWS console, so you will need to install the AWS CLI:

$ sudo apt-get install python-pip
$ sudo pip install awscli
$ aws configure

And finally, you can upload the certificate to IAM:

$ aws iam upload-server-certificate --server-certificate-name www.example.com --certificate-body file://example_com.crt --private-key file://example_com.key --certificate-chain file://intermediate.crt --path /cloudfront/www.example.com/
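
Before running the upload, it is worth checking that the three files passed to it belong together. The script below is an added example, not part of the original recipe; its function names are hypothetical, and it assumes the file names used above (example_com.crt, example_com.key, intermediate.crt).

```bash
#!/usr/bin/env bash
# Added example: pre-upload checks for the certificate, key and chain files.
# Function names are hypothetical; only standard openssl subcommands are used.

# Strip the "subject=" / "issuer=" prefix so two names can be compared.
_name() { sed 's/^[a-z]*= *//'; }

# True when the certificate's public key equals the one derived from the key.
# The empty -passin makes a still-encrypted key fail instead of prompting.
cert_matches_key() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the first certificate in the bundle is the leaf's issuer,
# i.e. the bundle follows the order produced by the cat command above.
chain_starts_with_issuer() {
  local issuer first
  issuer=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | _name)
  first=$(openssl x509 -in "$2" -noout -subject 2>/dev/null | _name)
  [ -n "$issuer" ] && [ "$issuer" = "$first" ]
}

# True when the leaf verifies against the bundle. This is a completeness
# check, not a trust check: every certificate in the bundle is treated
# as a trust anchor here.
chain_is_complete() {
  openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# usage: preflight CERT KEY CHAIN
preflight() {
  local rc=0
  cert_matches_key "$1" "$2" ||
    { echo "FAIL: key does not match certificate, or is still encrypted" >&2; rc=1; }
  chain_starts_with_issuer "$1" "$3" ||
    { echo "FAIL: first certificate in chain is not the issuer" >&2; rc=1; }
  chain_is_complete "$1" "$3" ||
    { echo "FAIL: certificate does not verify against the chain" >&2; rc=1; }
  return "$rc"
}

# Run only when the three files are given, e.g.:
#   ./preflight.sh example_com.crt example_com.key intermediate.crt
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A non-zero exit status means at least one of the three checks failed; the messages on stderr say which.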

Create/update your CloudFront distribution

You can now create/update your CloudFront distribution and configure the bucket/CNAME accordingly.

Your feedback

Please share your feedback or any tip you might have!


© Thomas Sileo. Powered by Pelican and hosted by DigitalOcean.