Configure AWS load balancer with SSL certificates from Gandi
This article summarizes the steps to follow to configure your Amazon Web Services load balancer with an SSL certificate. GANDI is the Certificate Authority used to generate the SSL certificate used in this article.
The article is organized as follows:
- Install AWS command line interface
- Configure credentials
- Ensure you have all the requirements
- Upload your certificate using the AWS CLI
- Configure your load balancer
Do not hesitate to comment if you have any questions.
- Install PIP by following the procedure: https://pip.pypa.io/en/stable/installing
- Install the AWS CLI: http://docs.aws.amazon.com/cli/latest/userguide/installing.html
pip install awscli --upgrade --user
- As specified in the AWS documentation, modify your PATH environment variable to add the binaries folder where the AWS CLI has been installed. For me, under macOS, it was installed in the folder /Users/username/Library/Python/x.x/bin
- Now you should be able to use the aws command. You can verify by executing the following:
aws --version
- Now that the AWS CLI is installed, you need to configure the credentials to access your AWS account. Personally, I used the environment variables.
https://docs.aws.amazon.com/cli/latest/userguide/cli-environment.html
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
export AWS_DEFAULT_REGION=us-west-2
Once you have ordered the SSL certificate from your certificate provider, you should have the following files:
- A certificate, which contains the public key (certificate-1234.crt)
- A private key (myserver.key)
- A certificate chain (GandiStandardSSLCA2.pem)
The full procedure is explained in AWS documentation: http://docs.aws.amazon.com/cli/latest/reference/iam/upload-server-certificate.html
The magic command to use with my files is:
aws iam upload-server-certificate \
--server-certificate-name myServerCertificate \
--certificate-body file://certificate-1234.crt \
--private-key file://myserver.key \
--certificate-chain file://GandiStandardSSLCA2.pem
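Before running the upload, it is worth confirming locally that the three files belong together and that the private key is in a state IAM will accept. The script below is an added example, not part of the original article or of the AWS tooling; the function name check_cert_bundle and the script name in the usage comment are hypothetical, and it assumes the OpenSSL command-line tool, version 1.1.0 or later.

```shell
#!/usr/bin/env bash
# Added example (not from the article): pre-flight checks on the files passed to
# `aws iam upload-server-certificate`. Assumes the OpenSSL >= 1.1.0 CLI.
# Usage: ./check_bundle.sh certificate-1234.crt myserver.key GandiStandardSSLCA2.pem

check_cert_bundle() {  # hypothetical helper; returns 0 only if every check passes
  local cert="$1" key="$2" chain="$3" cert_pub key_pub rc=0

  # 1. The private key must be readable without a passphrase (IAM requires an
  #    unencrypted PEM key) and must correspond to the certificate's public key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
    || { echo "FAIL: cannot parse certificate $cert" >&2; return 1; }
  key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) \
    || { echo "FAIL: key unreadable or passphrase-protected: $key" >&2; return 1; }
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: private key does not match certificate" >&2; rc=1
  fi

  # 2. The certificate must verify against the chain file alone. -partial_chain
  #    lets an intermediate act as the anchor, because a CA's chain file usually
  #    holds intermediates only; -no-CApath ignores the system trust directory.
  if ! openssl verify -partial_chain -no-CApath -CAfile "$chain" "$cert" >/dev/null 2>&1; then
    echo "FAIL: certificate does not verify against $chain" >&2; rc=1
  fi

  # 3. Do not upload a certificate that has already expired.
  if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
    echo "FAIL: certificate is expired" >&2; rc=1
  fi

  # 4. The private key should be accessible to its owner only.
  if [ "$(ls -l "$key" | cut -c5-10)" != "------" ]; then
    echo "FAIL: $key is accessible to group/others; run: chmod 600 $key" >&2; rc=1
  fi

  [ "$rc" -eq 0 ] && echo "OK: bundle is consistent"
  return "$rc"
}

# Run the checks when the script is given the three file names as arguments.
if [ "$#" -eq 3 ]; then
  check_cert_bundle "$@"
fi
```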
- Connect to the AWS console
- Choose EC2 service
- Go to Load Balancing section
- Then Load Balancer
- In the list, select the relevant load balancer
- Go to the Listeners tab and click on Change to select the SSL certificate you just uploaded