Solitary IT Insights

AWS SSL

In a recent project where I was provisioning an AWS server for cloud computing, I ran across unexpected problems with installing an SSL certificate.

Originally the project was connecting to the server via RDC, direct to either the server domain name which Amazon had created or its external IP address. All of this worked fine. When the client also wanted to include a connection through an HTML5 gateway, we ran into some problems. Although you can connect via a browser to the AWS server with both HTTP and HTTPS connections, you run into certificate issues with HTTPS. Firstly, we were using a self-signed certificate. Unfortunately, most modern browsers flag this as a security risk, and even if you add it as an exception the site is still flagged. You could live with that, but it looks unprofessional. Secondly, it turns out that although you can theoretically load an SSL certificate, no issuers will issue an SSL certificate for your Amazon domain because Amazon technically owns it. The solution is to buy your own domain, connect it to your server and buy an SSL certificate for it.

So the steps are:

  1. Open port 443 for the server in the AWS Console
  2. Purchase a domain name
  3. Attach the domain to your server's IP address (DNS record)
  4. Generate a certificate request using the new name. Make sure you put in your own email address if you don't have email connected to the new domain.
  5. Purchase an SSL certificate (using the certificate request)
  6. Load the SSL certificate onto your server

The certificate request and load can be done using Microsoft Management Console (MMC.exe) if you are running a Microsoft server. Detailed instructions can be found at "Creating an Offline Certificate Request in Windows Server" or "apache generate csr certificate signing request".

For Linux servers see "How to Create SSL Certificate Signing Request (CSR) in Linux".
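On a Linux server, steps 4 and 6 can be scripted with OpenSSL. The script below is an added example, not part of the original post: it creates the key and CSR for the purchased domain, checks the CSR before it is submitted, and confirms the issued certificate belongs to your key before you load it. The function names and file layout are illustrative, and the `*.amazonaws.com` guard assumes the Amazon-created server name ends in that suffix.

```bash
#!/bin/sh
# Added example (not from the original post). Requires OpenSSL 1.1.1 or later.
set -eu

# Step 4: private key + CSR for the purchased domain.
# make_csr <domain> <contact-email> <outdir>
make_csr() {
  case $1 in
    *.amazonaws.com)   # assumption: Amazon-owned name, no CA will issue for it
      echo "use your own domain, not $1" >&2; return 1 ;;
  esac
  # umask 077 in a subshell: the key file is created owner-readable only
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes \
      -keyout "$3/$1.key" -out "$3/$1.csr" \
      -subj "/CN=$1/emailAddress=$2" \
      -addext "subjectAltName=DNS:$1" 2>/dev/null )
}

# Before step 5: confirm the CSR really names the domain you bought.
# csr_names_domain <csr-file> <domain>
csr_names_domain() {
  openssl req -in "$1" -noout -text | grep -qF "DNS:$2"
}

# Hash of the public key held in a certificate, CSR or private key.
# pubkey_hash <cert|csr|key> <file>
pubkey_hash() {
  case $1 in
    cert) openssl x509 -in "$2" -noout -pubkey ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    key)  openssl pkey -in "$2" -pubout ;;
  esac | openssl sha256
}

# Before step 6: the certificate from the issuer must match the key on the
# server, otherwise the web server will refuse to load the pair.
# cert_matches_key <cert-file> <key-file>
cert_matches_key() {
  [ "$(pubkey_hash cert "$1")" = "$(pubkey_hash key "$2")" ]
}

# Usage: ./csr.sh <domain> <email>   (writes <domain>.key and <domain>.csr here)
if [ $# -eq 2 ]; then
  make_csr "$1" "$2" . && csr_names_domain "$1.csr" "$1" && echo "CSR ready: $1.csr"
fi
```

Keep the `.key` file on the server; only the `.csr` goes to the certificate issuer.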

(Published 20 Jan 2017)