User Tools

Site Tools


Amazon Cloud How to

These are the commands i have used during my course of action.

Sending Regular SSL / Key / Bundle to ELB

Forget what they say and print on form.

Format require -

  • Key - RSA
  • CRT - x509
  • CA Bundle - What ever supplied.

Usually that's the standard form of information you have used on Apache so just use it.

NOTE : - In case your key through an error try using following command

openssl rsa -in -text

Now look at the end you will see RSA Cert with standard Enclosure “—– <TYPE> —–”

Now if you have PKCS12 Exported Certs then please follow instruction below to get key / certs.

| Extracting Keys
openssl pkcs12 -nocerts -in export_test.p12 -out
| Extracting Certificate
openssl pkcs12 -clcerts -nokeys -in export_test.p12 -out

For further Help see “openssl pkcs12 –help”

Now you need to convert key to RSA.

| converting previously generated key to RSA
openssl rsa -in -out

At this point you are almost done, you just need to upload it to LB.
Considering you already have existing LB.

| Upload Certificate to Amazon
iam-servercertupload -b -c gd_bundle.crt -k -d -s

You can list all your certificate on amazon.

| List All your certificate

Now Assign certificate to ELB.

You can change your certificate assignment live.
Simply add new certificate and do next step replace existing assignment.

| assign certificate to port
elb-set-lb-listener-ssl-cert test-lb --lb-port 9031 --cert-id 'arn:aws:iam::123456789101:server-certificate/'

You are good to GOLDEN

Playing with Amazon ELB

Create LB using ELB API

| Create lb
elb-create-lb elb-test1 --availability-zones us-east-1b --listener "protocol=http, lb-port=80, instance-port=9130" --listener "protocol=https, lb-port=443, instance-port=9130,cert-id=arn:aws:iam::123456789101:server-certificate/"
| Register Instance
elb-register-instances-with-lb elb-test1 --instances i-12345678
| Register Listeners on ELB
elb-create-lb-listeners v3-test --listener "lb-port=9145,instance-port=9145,protocol=https,instance-protocol=https,cert-id=arn:aws:iam::123456789101:server-certificate/" 
aws_how_to.txt · Last modified: 2011/10/26 14:25 by k2patel