Installing SSL on Amazon CloudFront
We have just installed SSL on our Amazon CloudFront. We followed this blog post from Bryce, which I think is really good already. However, I was stuck on the last part where you have to upload the certificate to IAM. The difference is that I had to concatenate the crt files myself and I didn’t know how to do it. So I spent quite a long time figuring it out. I thought I would write this so it might help save some time for anybody.
If your SSL provider gave you the chained certificate already, then you don’t have to do anything else. However, when I downloaded my crt files I found this
And I’m shocked. So, I thought I would need to upload all of them three times, which I did, but only one got through and I thought the others must have been backups of some kind (I know I’m pretty stupid). So, I used SSL Checker to check and the site said my trust is broken. I thought, how could it be? I did everything right.
It turned out that I didn’t upload all of the chained certificate. So, I went again and tried to upload the second file, for which I got a nice error from Amazon saying that my certificate is malformed. I’m stumped again.
After a lot of digging and reading, I figured out that I had to work out the order of the certificates and concatenate all of them in the right order up to the root. You can ask your SSL provider if you want a quicker answer, but I went the hard way.
You can run this command
You should start with your domain.crt file which will be something like this
You just need to look for Issuer, which tells you what your next immediate certificate is. In this case Trusted Secure Certificate Authority 5 is my first certificate, and then you go on and do the next one.
You will get something like this
It means USERTrust is the next certificate. Then repeat the process until you see this.
If Issuer is the same as Subject, the certificate is the root, which is going to be the last one. Now you can concatenate all the certificates in the correct order.
You can use this command, or you can use your favourite editor to do it as well.
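The ordering and concatenation steps above, written as a script. This is an added example, not code from the original post: the function names and the throwaway "Demo" certificates are constructed for illustration, and it assumes the openssl command-line tool is installed.

```bash
#!/usr/bin/env bash
# Added example: order certificate files leaf -> root by following
# Issuer -> Subject, then write them out as one PEM bundle.

# order_chain LEAF OTHER... : print file names in chain order, leaf first.
order_chain() {
  local current="$1" seen=" $1 " subj iss next f
  shift
  echo "$current"
  while :; do
    subj=$(openssl x509 -noout -subject_hash -in "$current") || return 1
    iss=$(openssl x509 -noout -issuer_hash -in "$current") || return 1
    [ "$subj" = "$iss" ] && return 0   # Issuer == Subject: root reached
    next=""
    for f in "$@"; do
      case "$seen" in *" $f "*) continue ;; esac
      if [ "$(openssl x509 -noout -subject_hash -in "$f")" = "$iss" ]; then
        next="$f"; break
      fi
    done
    [ -n "$next" ] || { echo "issuer of $current not found" >&2; return 2; }
    seen="$seen$next "; current="$next"
    echo "$current"
  done
}

# write_bundle OUT FILE... : re-emit each certificate as PEM so every block
# ends with a newline and END/BEGIN lines never run together.
write_bundle() {
  local out="$1" f
  shift
  : > "$out"
  for f in "$@"; do openssl x509 -in "$f" >> "$out" || return 1; done
}

# Constructed sample data: throwaway root -> int -> leaf chain in directory $1.
make_demo_chain() {
  local d="$1" pair name ca
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo root" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
  for pair in int:root leaf:int; do
    name=${pair%%:*}; ca=${pair##*:}
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo $name" \
      -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
    openssl x509 -req -days 1 -set_serial 1 -in "$d/$name.csr" -CA "$d/$ca.crt" \
      -CAkey "$d/$ca.key" -out "$d/$name.crt" 2>/dev/null || return 1
  done
}
```

The matching is by name hash only, like the manual Issuer/Subject comparison; it does not check signatures, and it returns status 2 when a file in the chain is missing.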
Then when you’re ready to upload the certificate to Amazon you can just do this.
The --certificate-chain should be your concatenated certificates.
The format of the pem should be something like this.