SSL Certificate Configuration on an AWS Ubuntu EC2 Instance
Prerequisites:
1. A private key in .ppk format to log in to the server from Windows machines.
2. Log in to the AWS instance using the .ppk file via the PuTTY and WinSCP tools (WinSCP for moving files).
3. Create an RSA private key and CSR file on the server for the domain.
4. Get an SSL certificate from an SSL provider based on the server's CSR file.
1. Convert the private key from .pem format to .ppk format:
➢ AWS provides the private key in .pem format for accessing the AWS instance via the CLI.
➢ On Windows, PuTTY cannot use a .pem key to log in to the server, so the key file must be converted from .pem to .ppk format. The PuTTYgen tool does this.
➢ Load the .pem file into PuTTYgen, select SSH-2 RSA as the type of key and 2048 as the number of bits, then click "Save private key". PuTTYgen asks whether to create the private key without a passphrase; click Yes.
➢ This creates an unencrypted .ppk file, so keep it readable only by your own user account.
Using this file, we can connect to the server with PuTTY and WinSCP from Windows machines.
[Screenshot: WinSCP login page]
2. Creating the Certificate Signing Request (CSR) file:
➢ The CSR file is created with OpenSSL.
➢ Before creating the CSR file, create the RSA private key for SSL with the following commands.
mkdir ~/domain.com.ssl/ # create the folder
cd ~/domain.com.ssl/ # change directory to that folder
RSA key generation:
openssl genrsa -out ~/domain.com.ssl/domain.com.key 2048
CSR file generation:
openssl req -new -sha256 -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr
While creating the CSR file, OpenSSL prompts for information such as country name, area name, email ID, domain name, company name, etc.
Once all prompts are answered, the .csr file is generated.
3. Buy an SSL certificate from an SSL provider using the CSR file:
➢ Use this CSR file to buy an SSL certificate from the provider.
➢ The SSL certificate provider supplies two certificate files:
1. SSL certificate: the main SSL certificate, in .crt format.
2. SSL CA certificate: the SSL chain certificate file, named as bundle.
4. Server configuration:
On the server, change to the following directory with this command:
cd /etc/apache2/ssl
Move the following three files into this location:
1. The .key file that was created for generating the CSR file.
2. The main SSL certificate file (.crt format).
3. The certificate chain file (named as bundle).
Then edit the default-ssl.conf file in /etc/apache2/sites-available/.
In this file, edit the following lines:
SSLCertificateKeyFile /etc/apache2/ssl/exampledomain.key
SSLCertificateFile /etc/apache2/ssl/exampledomain.crt
SSLCertificateChainFile /etc/apache2/ssl/exampledomain.ca-bundle
After modifying the file, activate the SSL virtual host with the following command:
sudo a2ensite default-ssl.conf
Restart the Apache server to apply the changes:
sudo service apache2 restart
Now check the website in a browser; HTTPS will be working.
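The CSR step and the server configuration step both depend on the .key, .csr and .crt files belonging together, so here is an added example (not part of the original guide) that compares their public keys and checks the key file's permissions. The function names, the example.test subject and the temporary directory are assumptions, and a self-signed certificate stands in for the provider's .crt.

```shell
#!/bin/sh
# Added example: checks on the key, CSR and certificate before installing them.
# File names follow the guide; example.test and the temp directory are constructed.

# Print the PEM public key carried by a private key, CSR or certificate.
pub_of() {   # usage: pub_of key|csr|cert FILE
    case "$1" in
        key)  openssl pkey -in "$2" -pubout 2>/dev/null ;;
        csr)  openssl req  -in "$2" -noout -pubkey 2>/dev/null ;;
        cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
        *)    return 2 ;;
    esac
}

# Succeed only if both files carry the same public key.
same_key() {   # usage: same_key key FILE cert FILE
    a=$(pub_of "$1" "$2") || return 1
    b=$(pub_of "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if the key file grants nothing to group or others (e.g. 600).
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Build throwaway files; the self-signed cert stands in for the provider's .crt.
make_demo_files() {
    openssl genrsa -out "$1/domain.com.key" 2048 2>/dev/null
    chmod 600 "$1/domain.com.key"
    openssl req -new -sha256 -key "$1/domain.com.key" \
        -subj "/CN=example.test" -out "$1/domain.com.csr"
    openssl x509 -req -in "$1/domain.com.csr" -signkey "$1/domain.com.key" \
        -days 1 -out "$1/domain.com.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo=$(mktemp -d)
make_demo_files "$demo"
same_key key "$demo/domain.com.key" csr  "$demo/domain.com.csr" && echo "CSR matches key"
same_key key "$demo/domain.com.key" cert "$demo/domain.com.crt" && echo "certificate matches key"
same_key key "$demo/other.key"      cert "$demo/domain.com.crt" || echo "wrong key detected"
key_is_private "$demo/domain.com.key" && echo "key permissions OK"
```

On the server, the same functions can be pointed at the files in /etc/apache2/ssl before restarting Apache, since a key that does not match the certificate prevents the SSL virtual host from starting.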