Whenever you need to enable the HTTPS secure communication for your website, if your are using AWS, ELB is a cool service on which you can define your SSL certificate and termination and scale the nodes without considering the certificate. ELB is able to perform SSL termination and communicate with the nodes with HTTP.
First of all you need to create a CSR (Certificate Signing Request), assuming you need Wildcard SSL, CN is *.domain.com :
openssl req -new -newkey rsa:2048 -nodes -out star_domain_com.csr -keyout star_domain_com_private.key -subj "/C=TR/ST=Istanbul/L=Istanbul/O=domain/OU=IT/CN=*.domain.com"
There will be 2 output files:
1. star_domain_com_private.key : This will be your private key
2. star_domain_com.csr : This will be used to request the certificate from a Certificate Authority
Next step is, by the help of CSR, to initiate the SSL certificate request from a certificate authority of your choice.
You will be provided from Certificate Authority, a Public Key:
AWS is expecting from you a PEM format. In order to achieve that, you need to convert your certificate from CRT to PEM using openssl:
openssl x509 -in d06409309fccd3b.crt -out domain_public.pem -outform PEM
For the private key you already created, which is RSA, you also need to convert it to PEM:
openssl rsa -in star_domain_com_private.key -text > domain_private.pem
The next phase is uploading the public and private key to AWS in PEM format:
AWS –> EC2 –> Load Balancers
Create or open a current Load Balancer –> Listeners –> Add –> HTTPS –> Change –> Upload a new SSL Certificate
Copy and paste the public and private keys into the fields and Save