Install Certificate in ELB
- Download and install OpenSSL for windows
https://www.openssl.org/community/binaries.html
- Using OpenSSL, type commands to generate private key and CSR
1: Generate private key
openssl genrsa -des3 -out my_domain.pem 1024 [Enter and confirm pass phrase]
2: Generate CSR
openssl req -nodes -newkey rsa:2048 -keyout my_domain.pem -out my_domain.pem
3: Remove pass phrase from key
*copy my_domain.pem to new file and call it my_domain.pem.org
openssl rsa -in my_domain.pem.org -out my_domain.pem
Refer to the below link for explanation about creating private key and CSR:
http://docs.aws.amazon.com/opsworks/latest/userguide/workingsecurity-ssl.html#d0e30448
- Buy CA certificate from certificate authority site like: https://www.ssls.com/
- Activate the certificate using the private key and the CSR generated from OpenSSL , follow the activation instructions
- After receiving the activated certificate add an HTTPS listener to your load balancer, refer to the link below: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-add-or-delete-listeners.html
Attach your domain with your ELB using Amazon Route 53
- Go to Route 53 service https://console.aws.amazon.com/route53/home?region=us-east-1#hosted-zones:
- Create hosted zone
- Enter the name of the new domain and click on create
- Create Record Set for http://www.your-domain.com
- Enter “www” in the Name textbox
- Choose A-IPv4 address from the Type dropdown
- Choose yes from the Alias radiobuttons
- Choose the domain of the load balancer from the Alias Target options textbox
- Choose failover from the Routing Policy dropdown
- Choose Primary from Failover Record Type radiobuttons
- Choose yes from the Evaluate Target Health radiobuttons
- Choose No from the Associate with Health Check radiobuttons
- Click on Create
- Create Record Set for your-domain.com
- Leave the Name field blank
- Choose A-IPv4 address from the Type dropdown
- Choose yes from the Alias radiobuttons
- Choose the domain of the load balancer from the Alias Target options textbox
- Choose failover from the Routing Policy dropdown
- Choose Secondary from Failover Record Type radiobuttons
- Choose yes from the Evaluate Target Health radiobuttons
- Choose No from the Associate with Health Check radiobuttons
- Click on Create
- From the record set of type NS copy the values of the name servers
- In the Domain website go to manage the domain you want to associate with the ELB
- Paste the copied values of the name servers into the Nameservers field of the domain
- It might take some time to register the domain with the name servers (around 30 min. – 1 hour)
Emad Tech Book 