Comodo, the leading Internet Security Provider, offers Free Antivirus, SSL Certificate and other Internet Security related products with complete protection. In this post I will walk you through the setup of SSL in Amazon CloudFront (the process is common to all Amazon services).
AWS needs all your certificates to be in PEM format. There are two main ways of encoding a certificate:
- DER: a binary encoding of a certificate. Typically these use the file extension .crt or .cert.
- PEM: a Base64 encoding of a certificate represented in ASCII, so it is readable as a block of text. This is very useful, as you can open it in a text editor and work with the data more easily.
Comodo certificates are delivered in DER format (.crt), so we need to convert them to PEM.
Certificates Setup
Convert crt to PEM
Amazon AWS needs:
- Your issued certificate
- Your private key
- The CAChain certificate, which includes all intermediate and root CA certificates.
Comodo sends you 4 certificates:
- AddTrustExternalCARoot.crt
- <your_issued_certificate_name>.crt: for instance, cdn_guillaumemaka_com.crt in my case.
- COMODORSAAddTrustCA.crt
- COMODORSADomainValidationSecureServerCA.crt
First, cd to the folder containing all your certificates:
Then convert all certificates:
- x509: The x509 command is a multi purpose certificate utility. It can be used to display certificate information, convert certificates to various forms, sign certificate requests like a “mini CA” or edit certificate trust settings.
- -in <filename>: This specifies the input filename to read a certificate from or standard input if this option is not specified.
- -outform PEM: This specifies the output format. In this case PEM.
- -out filename: This specifies the output filename to write to or standard output by default.
Convert the private key:
- rsa: The rsa command processes RSA keys.
Create a CAChain
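The certificate conversion, private key conversion and chain steps above as shell functions, with two checks worth running before the upload: that the private key matches the issued certificate, and that the certificate validates against CAChain.pem. This is an added example, not the post's original commands; the function names are hypothetical, `-inform DER` is made explicit, and the demo runs on a constructed throwaway self-signed certificate.

```shell
#!/bin/sh
# Added example, not the post's original commands. Function names are hypothetical.

# Convert one DER-encoded certificate to PEM (-inform DER made explicit).
der_to_pem() {            # usage: der_to_pem in.crt out.pem
    openssl x509 -inform DER -in "$1" -outform PEM -out "$2"
}

# Rewrite an RSA private key as PEM; umask keeps the copy owner-readable only.
key_to_pem() {            # usage: key_to_pem private.key private.key.pem
    ( umask 077; openssl rsa -in "$1" -outform PEM -out "$2" ) 2>/dev/null
}

# Concatenate PEM certificates into the chain file, in the order given
# (assumed order: the CA that issued your certificate first, root last).
make_chain() {            # usage: make_chain CAChain.pem issuing.pem ... root.pem
    out=$1; shift
    cat "$@" > "$out"
}

# Succeed only if the key and the certificate hold the same public key.
key_matches_cert() {      # usage: key_matches_cert private.key.pem cert.pem
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if the certificate validates against the certificates in the chain file.
chain_verifies() {        # usage: chain_verifies CAChain.pem cert.pem
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo on constructed throwaway material: one self-signed certificate stands in
# for both the issued certificate and the root. Returns non-zero on any failure.
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$d/private.key" -outform DER -out "$d/site.crt" 2>/dev/null &&
    der_to_pem "$d/site.crt" "$d/site.pem" &&
    key_to_pem "$d/private.key" "$d/private.key.pem" &&
    make_chain "$d/CAChain.pem" "$d/site.pem" &&
    key_matches_cert "$d/private.key.pem" "$d/site.pem" &&
    chain_verifies "$d/CAChain.pem" "$d/site.pem"
    rc=$?; rm -rf "$d"; return $rc
}
```

With the Comodo files listed above, the chain order would be COMODORSADomainValidationSecureServerCA, then COMODORSAAddTrustCA, then AddTrustExternalCARoot, each converted to PEM first.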
Now you should have a folder structure like this:
Upload
aws iam upload-server-certificate --server-certificate-name CDNServerCertificate --certificate-body file://cdn_guillaumemaka_com.pem --private-key file://private.key.pem --certificate-chain file://CAChain.pem --path /cloudfront/production/
The --path /cloudfront/production/ option specifies that we want the certificate to be available only in the CloudFront service.
Bonus: Setup CloudFront HTTPS End Point
- Log in to your Amazon AWS account.
- Go to the CloudFront shell.
- Click on the id of your CloudFront instance.
- Click Edit.
- Select the option Custom SSL Certificate and select the certificate previously uploaded. Go to the bottom of the page and click Save.
- On the main page go to the Behaviors tab, then click Create Behavior.
- Configure the behavior:
  - Path pattern: the sub path of the URL you want to add a behavior to.
  - Viewer Policy: select Redirect HTTP to HTTPS.
  - Allow HTTP Method: select GET, HEAD (I am configuring a CDN, so I just need GET and HEAD requests).
- Click Create.
That’s it! Open the URL in your browser and check that the HTTP URL redirects to HTTPS.