Comodo, the leading Internet Security Provider, offers Free Antivirus, SSL Certificate and other Internet Security related products with complete protection. In this post I will walk you through the setup of SSL in Amazon CloudFront (the process is common to all Amazon services).
AWS requires all your certificates to be in PEM format. There are two main ways of encoding a certificate:
DER: is a binary encoding of a certificate. Typically these use the file extension of
PEM: is a Base64 encoding of a certificate represented in ASCII, therefore it is readable as a block of text. This is very useful as you can open it in a text editor and work with the data more easily.
Comodo certificates are delivered in DER format .crt, so we need to convert them to
Convert crt to PEM
Amazon AWS needs:
- Your issued certificate
- Your private key
- The CAChain certificate that includes all intermediate and root CA certificates.
Comodo sends you 4 certificates:
- <your_issued_certificate_name>.crt: for instance cdn_guillaumemaka_com.crt in my case.
First, cd to the folder containing all your certificates:
Then convert all certificates:
x509: The x509 command is a multi purpose certificate utility. It can be used to display certificate information, convert certificates to various forms, sign certificate requests like a “mini CA” or edit certificate trust settings.
-in <filename>: This specifies the input filename to read a certificate from or standard input if this option is not specified.
-outform PEM: This specifies the output format. In this case
-out filename: This specifies the output filename to write to or standard output by default.
Convert the private key:
rsa: The rsa command processes RSA keys.
Create a CAChain
- Warning: You must construct the CAChain in descending order. Z->A
Now you should have a folder structure like this:
The --path /cloudfront/production option specifies that we want the certificate to be available only in the CloudFront service.
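Before the upload it is worth confirming that the converted files actually fit together. The script below is an added example, not code from the original post: it converts the issued certificate to PEM, checks that the private key matches it, and checks that the CAChain file is in order and validates the certificate. Function and file names are illustrative, and the chain order it enforces (issuing CA first, root CA last) is an assumption.

```sh
#!/bin/sh
# Added example (not from the original post). Function and file names are
# illustrative. Assumed chain order: issuing CA first, root CA last.

# Write certificate $1 to $2 as PEM, whether $1 is DER or already PEM.
to_pem() {
  openssl x509 -in "$1" -inform PEM -outform PEM -out "$2" 2>/dev/null ||
  openssl x509 -in "$1" -inform DER -outform PEM -out "$2" 2>/dev/null
}

# Succeed only if private key $1 and certificate $2 hold the same public key.
key_matches_cert() {
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if each certificate in bundle $2 was issued by the next one,
# starting from the issuer of leaf certificate $1.
chain_in_order() {
  local want subj line pem="" n=0
  want=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 1
  while IFS= read -r line || [ -n "$line" ]; do
    pem=$(printf '%s\n%s' "$pem" "$line")
    case $line in *"END CERTIFICATE"*)
      subj=$(printf '%s\n' "$pem" | openssl x509 -noout -subject_hash 2>/dev/null) || return 1
      [ "$subj" = "$want" ] || return 1
      want=$(printf '%s\n' "$pem" | openssl x509 -noout -issuer_hash 2>/dev/null)
      pem="" n=$((n + 1)) ;;
    esac
  done < "$2"
  [ "$n" -gt 0 ]
}

# Succeed only if certificate $2 validates against the CAs in bundle $1.
chain_verifies() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Usage (placeholder file names): sh precheck.sh issued.crt private.key CAChain.pem
if [ "$#" -eq 3 ]; then
  tmp=$(mktemp) || exit 1
  trap 'rm -f "$tmp"' EXIT
  to_pem "$1" "$tmp" || { echo "cannot parse certificate" >&2; exit 1; }
  key_matches_cert "$2" "$tmp" || { echo "key does not match certificate" >&2; exit 1; }
  chain_in_order "$tmp" "$3" || { echo "CA chain out of order" >&2; exit 1; }
  chain_verifies "$3" "$tmp" || { echo "certificate fails chain validation" >&2; exit 1; }
  echo "ok to upload"
fi
```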
Bonus: Setup CloudFront HTTPS End Point
1) Login to your Amazon AWS Account
2) Go to the CloudFront console.
3) Click on the ID of your CloudFront instance.
4) Click Edit.
5) Select the option Custom SSL Certificate and select the certificate previously uploaded. Go to the bottom of the page and click Save.
6) On the main page go to the Behaviors tab, then click Create Behavior.
7) Configure the behavior:
- Path pattern: the sub path of the URL to which you want to add a behavior.
- Viewer Policy: select Redirect HTTP to HTTPS.
- Allow HTTP Method: select GET, HEAD (I am configuring a CDN, so I just need GET and HEAD requests).
8) Click Create.
That’s it! Open the URL in your browser and check that the HTTP URL redirects to HTTPS.