Table of Contents
Amazon Cloud How to
These are the commands i have used during my course of action.
Sending Regular SSL / Key / Bundle to ELB
Forget what they say and print on form.
Format require -
- Key - RSA
- CRT - x509
- CA Bundle - What ever supplied.
Usually that's the standard form of information you have used on Apache so just use it.
NOTE : - In case your key through an error try using following command
openssl rsa -in www.k2patel.in.key -text
Now look at the end you will see RSA Cert with standard Enclosure “—– <TYPE> —–”
Now if you have PKCS12 Exported Certs then please follow instruction below to get key / certs.
- | Extracting Keys
openssl pkcs12 -nocerts -in export_test.p12 -out www.k2patel.in.key
- | Extracting Certificate
openssl pkcs12 -clcerts -nokeys -in export_test.p12 -out www.k2patel.in.crt
For further Help see “openssl pkcs12 –help”
Now you need to convert key to RSA.
- | converting previously generated key to RSA
openssl rsa -in www.k2patel.in.key -out www.k2patel.in.RSA.key
At this point you are almost done, you just need to upload it to LB.
Considering you already have existing LB.
- | Upload Certificate to Amazon
iam-servercertupload -b www.k2patel.in.crt -c gd_bundle.crt -k www.k2patel.in.com.rsa.key -d -s www.k2patel.in
You can list all your certificate on amazon.
- | List All your certificate
iam-servercertlistbypath
Now Assign certificate to ELB.
NOTE :
You can change your certificate assignment live.
Simply add new certificate and do next step replace existing assignment.
- | assign certificate to port
elb-set-lb-listener-ssl-cert test-lb --lb-port 9031 --cert-id 'arn:aws:iam::123456789101:server-certificate/www.k2patel.in'
You are good to GOLDEN
Playing with Amazon ELB
Create LB using ELB API
- | Create lb
elb-create-lb elb-test1 --availability-zones us-east-1b --listener "protocol=http, lb-port=80, instance-port=9130" --listener "protocol=https, lb-port=443, instance-port=9130,cert-id=arn:aws:iam::123456789101:server-certificate/www.k2patel.in"
- | Register Instance
elb-register-instances-with-lb elb-test1 --instances i-12345678
- | Register Listeners on ELB
elb-create-lb-listeners v3-test --listener "lb-port=9145,instance-port=9145,protocol=https,instance-protocol=https,cert-id=arn:aws:iam::123456789101:server-certificate/www.k2patel.in"
