A 5-minute recipe for setting up SSL on AWS CloudFront using your own domain and your own SSL certificate, from scratch.
Creating the certificate
First, you need to get an SSL certificate for your domain. I bought a Comodo PositiveSSL.
To have the certificate issued, you must generate a certificate signing request (CSR).
We start by creating a key:
$ openssl genrsa -aes256 -out example_com-encrypted.key 2048
Next, we generate the CSR (leave email empty):
$ openssl req -new -sha256 -key example_com-encrypted.key -out example_com.csr
Now you can upload the CSR file.
Once you get back your certificate, you must concatenate all the intermediate certificates into a single file:
$ cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > intermediate.crt
We also need to decrypt the certificate key (the output file is no longer passphrase-protected, so keep it private):
$ openssl rsa -in example_com-encrypted.key -out example_com.key
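Before uploading, it helps to confirm that the three files fit together. The script below is an added example, not part of the original post: it checks that the key is decrypted, that the certificate matches the key, and that the chain file verifies the certificate. The function names and the throwaway demo CA are constructed for illustration; with the files from this post the call would be check_bundle example_com.crt example_com.key intermediate.crt.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# check_bundle CERT KEY CHAIN: prints "ok" or the first problem found.
check_bundle() {
    cert=$1; key=$2; chain=$3
    # 1. The key file must be the decrypted one, not the passphrase-protected one.
    if grep -q ENCRYPTED "$key"; then
        echo "key is still encrypted"; return 1
    fi
    # 2. The certificate must contain the public half of this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate does not match key"; return 1
    fi
    # 3. The certificate must verify against the concatenated chain file,
    #    which in the post ends with the root certificate.
    if ! openssl verify -CAfile "$chain" "$cert" >/dev/null 2>&1; then
        echo "chain does not verify certificate"; return 1
    fi
    echo "ok"
}

# make_demo_bundle DIR: constructed throwaway CA and leaf, for the demo only.
make_demo_bundle() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Demo CA" \
        -keyout "$d/ca.key" -out "$d/chain.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.com" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/chain.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null
    # An encrypted copy of the key, like example_com-encrypted.key in the post.
    openssl rsa -in "$d/leaf.key" -aes256 -passout pass:demo-only \
        -out "$d/leaf-encrypted.key" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_bundle "$demo"
check_bundle "$demo/leaf.crt" "$demo/leaf.key" "$demo/chain.crt" || true            # ok
check_bundle "$demo/leaf.crt" "$demo/leaf-encrypted.key" "$demo/chain.crt" || true  # key is still encrypted
rm -rf "$demo"
```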
Upload to AWS IAM
You can't upload the certificate via the AWS console; you will need to install the aws CLI:
$ sudo apt-get install python-pip
$ sudo pip install awscli
$ aws configure
And finally, you can upload the certificate to IAM:
$ aws iam upload-server-certificate --server-certificate-name www.example.com --certificate-body file://example_com.crt --private-key file://example_com.key --certificate-chain file://intermediate.crt --path /cloudfront/www.example.com/
Create/update your CloudFront distribution
Now you can create/update your CloudFront distribution and configure the bucket/CNAME accordingly.
Your feedback
Please share your feedback or any tip you might have!