Configure AWS load balancer with SSL certificates from Gandi

This article summarizes the steps to follow to configure your Amazon Web Services load balancer with an SSL certificate. Gandi is the Certificate Authority used to generate the SSL certificate in this article.

The article is organized as follows:

  • Install AWS command line interface
  • Configure credentials
  • Ensure you have all the required files
  • Upload your certificate to AWS using the AWS CLI
  • Configure your load balancer listener

Do not hesitate to comment if you have any questions.

Install AWS command line interface

pip install awscli --upgrade --user
  • As specified in the AWS documentation, add the folder where the AWS CLI binaries have been installed to your PATH environment variable. For me, under macOS, they were installed in the folder /Users/username/Library/Python/x.x/bin

  • Now you should be able to use the aws command. You can verify by executing the following:

aws --version

Configure credentials

  • Now that the AWS CLI is installed, you need to configure the credentials used to access your AWS account. Personally, I used environment variables, as described in the AWS documentation: https://docs.aws.amazon.com/cli/latest/userguide/cli-environment.html

export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE 
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY 
export AWS_DEFAULT_REGION=us-west-2

Ensure you have all the required files

Once you have ordered the SSL certificate from your certificate provider, you should have the following files:

  • A public key certificate (certificate-1234.crt)
  • A private key (myserver.key)
  • A certificate chain (GandiStandardSSLCA2.pem)
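
Before uploading, it helps to confirm that these three files belong together: IAM needs a PEM private key with no passphrase, and the key must match the certificate. The script below is an added example, not part of the original article; it assumes the openssl command is installed, and the function names and the generated sample files are constructed for illustration.

```shell
#!/bin/sh
# Pre-upload sanity checks for the files given to
# `aws iam upload-server-certificate`. Function names are hypothetical.

# check_upload_files CERT KEY CHAIN -> prints "ok" or the first failed check.
check_upload_files() {
    cert=$1 key=$2 chain=$3

    # IAM needs an unencrypted PEM key (no passphrase protection).
    if grep -q 'ENCRYPTED' "$key"; then
        echo "private key is passphrase-protected"; return 1
    fi

    # The certificate and the private key must share one public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "certificate is not readable PEM"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "private key is not readable PEM"; return 1; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and private key do not match"; return 1
    fi

    # The chain file must contain the CA that issued the certificate.
    # -partial_chain lets an intermediate CA in the file act as the anchor.
    if ! openssl verify -partial_chain -CAfile "$chain" "$cert" >/dev/null 2>&1; then
        echo "chain file does not verify the certificate"; return 1
    fi
    echo "ok"
}

# Builds constructed test material (a throwaway CA, a server key and
# certificate, and an unrelated key) in directory $1.
make_constructed_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed CA" \
        -keyout "$d/ca.key" -out "$d/chain.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/chain.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null &&
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}
```

With the article's file names, the call is check_upload_files certificate-1234.crt myserver.key GandiStandardSSLCA2.pem.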

Upload your certificate to AWS using AWS CLI

The full procedure is explained in the AWS documentation: http://docs.aws.amazon.com/cli/latest/reference/iam/upload-server-certificate.html

The magic command to use with my files is:

aws iam upload-server-certificate \
--server-certificate-name myServerCertificate \
--certificate-body file://certificate-1234.crt \
--private-key file://myserver.key \
--certificate-chain file://GandiStandardSSLCA2.pem

Configure your load balancer listener

  • Connect to the AWS console
  • Choose the EC2 service
  • Go to the Load Balancing section
  • Then Load Balancers
  • In the list, select the load balancer concerned
  • Go to the Listeners tab and click Change to select the SSL certificate you just uploaded