AWS SSL Certificates for Elastic Beanstalk are a pain to configure so I put together the following.
Certs are not packaged with the war file, but are specified as part of the environment configuration. A procedure for using SSL with Elastic Beanstalk is:
The best documentation I found for this is here.
The IAM command-line tool can be found here.
3. Execute iam-servercertupload with the certificate you wish to use. The result of this command will give you an IAM ARN for your certificate.
This command can be tricky. The following will work. You will need to replace your parameters accordingly.
|
1
|
iam-servercertupload -b APP.MOBILEAWS.COM.crt -c network_first_add_trust_second_carriage_return.pem -k private-key.pem -s mobileaws_cert_chain_2013 -v |
The -b argument will be the Cert that the certicate vendor gives you back.
The -c argument will need to be a concatenation of the other 2 certs that the certificate vendor gives you back.
The -k will need to be the private key that you used to generate the CSR.
4. Go to the AWS Elastic Beanstalk console to enable SSL support. Select a running environment and under Actions -> Edit Config -> Load Balancers, you can set the HTTPS port to either 443 or 8443 and then fill in the SSL Certificate Id with the ARN from the command executed above.
When you run the iam-servercertupload command you will get a bunch of mumbo jumbo back.
What you want is
arn:aws:iam::390195603535:server-certificate/mobileaws_cert_chain_2013
If you fail to copy this out, you can always do
|
1
|
iam-servercertgetattributes -s certificate_object_name |
This will return something along the lines of
arn:aws:iam::390195603535:server-certificate/mobileaws_cert_chain
ASCAI27AVTTBDM5RKNNY2
