Learn how to install an SSL Certificate on AWS EC2 Instance
Cloud services have seen a massive surge in adoption due to the recent pandemic. However, the sudden need for migration towards cloud services has caused a huge security issue for any organization. According to the ‘State of Cloud Security 2020 Report’ by Sophos, 66% of businesses leave back doors open to attackers through misconfigured cloud services. So, cloud service security configuration is essential for your organization.
Amazon EC2 (Elastic Compute Cloud) is a virtual cloud infrastructure service that offers excellent features like auto-scaling, high availability, and a pay-per-use model. In addition, the hardware of the service is fragmented into several resources that provide scalable instances for processing power.
Such instances can be accessed by HTTP or HTTPS APIs, and that is why you need to install an SSL certificate on the AWS EC2 instance. It will enable secure access to instances and prevent your cloud-based operations from being exposed to cyber threats. In addition, SSL or Secure Sockets Layer certification ensures a secure channel between different machines over the internet or private network.
So, let’s not waste more time and discuss how you can install an SSL certificate on the AWS EC2 instance to improve security.
Prerequisites for installing an SSL certificate on the AWS EC2 instance.
One of the most significant prerequisites for installing an SSL certificate on the AWS EC2 instance is the certification that you can get from organizations like ClickSSL. It is essential to have high-quality SSL certification to ensure better security. So, you need to compare different services and select the best one.
Next, you may need to have an intermediate certificate, which often comes in a bundle with the SSL certificate. If not, you can download the intermediate certificate with a private key from your service provider. Now that you have the certificate ready, the next step is to convert your SSL certificate into PEM format for installation on AWS EC2 instances.
You can either use a converter tool or an OpenSSL command. Here is an example of PEM conversion using the OpenSSL command with a .p12 file, which by default appears when you create a Certificate Signing Request (CSR) through Internet Information Services (IIS) Manager.
openssl pkcs12 -in /file-path/source-file.p12 -out /file-path/destination-file.pem
Similarly, you can use OpenSSL to convert the intermediate certificates into PEM format.
openssl x509 -inform der -in /file-path/source-file.cer -out /file-path/destination-file.pem
Apart from the SSL certificate and intermediate certificate, you need to convert public or private keys into PEM format. Use the OpenSSL command below to convert security keys from PKCS#1 to PKCS#8.
openssl rsa -in newkey.pem -out newkey.pem
Now that the conversion is complete, you can start the final stage of installing an SSL certificate on the AWS EC2 instance, which first requires uploading all the certificates and security keys.
Steps to Install an SSL certificate on the AWS EC2 instance
With all your certificates and security keys ready for upload, follow these steps:
- Log in to your Amazon EC2 account.
- Choose ‘Network & Security’ from the navigation bar on the left side.
- Now select the option of “Load Balancer.”
- Choose the load balancer where you need to upload the certificate.
- Now go to the listener tab and click on “Edit” and then “Add.”
- Choose HTTPS protocol and click on “Upload a new certificate to AWS Identity and Access Management (IAM).” which you can find under SSL certificate.
- Now enter details regarding your SSL certificate, including name, provider’s details, public and private keys with certificate files.
- To upload, paste the converted key details as given below and then click on save.
For private key-
“-----BEGIN RSA PRIVATE KEY-----” and “-----END RSA PRIVATE KEY-----”
For public key-
“-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----”
For SSL certificates-
“-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----”
Once you click on the save button, your SSL certificate is uploaded. AWS Identity and Access Management (IAM) will verify your SSL certificate details, such as:
- Files of certificates are in X.509 PEM format
- Private keys match the certificate
- Private keys are not encrypted and are converted to the compatible format.
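The three checks listed above can also be run locally before uploading, so a rejected upload is caught early. The script below is an added example, not part of the original article or any AWS tooling; the function names and exit codes are assumptions chosen for illustration, and it requires the openssl command-line tool.

```shell
#!/bin/sh
# Added example: local pre-upload checks mirroring the validations listed above.
# Function names and exit codes are illustrative, not AWS-defined.

# is_pem_x509 FILE: succeeds if FILE is a PEM-encoded X.509 certificate.
is_pem_x509() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        openssl x509 -in "$1" -noout 2>/dev/null
}

# is_unencrypted_key FILE: succeeds if FILE is a PEM private key with no passphrase.
# Encrypted keys carry "BEGIN ENCRYPTED PRIVATE KEY" (PKCS#8) or a
# "Proc-Type: 4,ENCRYPTED" header (traditional format).
is_unencrypted_key() {
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1" || return 1
    ! grep -q 'ENCRYPTED' "$1"
}

# key_matches_cert CERT KEY: succeeds if both files carry the same public key.
# "-passin pass:" makes openssl fail instead of prompting on an encrypted key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# preflight CERT KEY: returns 0 when all checks pass, otherwise
# 1 = not a PEM X.509 certificate, 2 = key encrypted or not PEM, 3 = key/cert mismatch.
preflight() {
    is_pem_x509 "$1" || { echo "FAIL: $1 is not a PEM X.509 certificate" >&2; return 1; }
    is_unencrypted_key "$2" || { echo "FAIL: $2 is encrypted or not a PEM private key" >&2; return 2; }
    key_matches_cert "$1" "$2" || { echo "FAIL: private key does not match certificate" >&2; return 3; }
    echo "OK: $1 and $2 pass the pre-upload checks"
}

# Usage: sh preflight.sh certificate.pem private-key.pem
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Run it against the certificate and key files you are about to paste into the upload form; the private key never leaves the local machine.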
Give the system five minutes to implement the changes and then restart the Amazon EC2 account. After installing an SSL certificate on the AWS EC2 instance, the first thing to do is to test it. You can use the OpenSSL command given below or any other SSL checker:
openssl s_client -showcerts -connect enter_domain.com:port_number
If there is a missing intermediate certificate, you may receive an error code 21. It means that you need to check the certificate chain for missing certificates.
As we move towards the post-pandemic era, cloud migrations are prudent, and so are the unique ways cyber-attacks will occur. So, it becomes vital for your business to opt for a reliable SSL certification from trusted providers. So, don’t let hackers bring down your operations when you can easily install an SSL certificate on the AWS EC2 instance for higher security.