Last month I wrote an article on how to generate an RSA SSL self-signed certificate and how to apply it to an AWS Application Load Balancer.
I studied how to generate an ECDSA SSL self-signed certificate at the same time, so I'll share that as well.
How to generate a Self-Signed Certificate
First, generate a private key using the following command.
Then generate a certificate signing request (CSR), which carries the public key, with the following command. I use the AWS Tokyo region, so I set “*.ap-northeast-1.elb.amazonaws.com” as the “Common Name”.
$ openssl req -new -key server.key -out server.csr
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) :Tokyo
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:zuqqhi2
Organizational Unit Name (eg, section) :
Common Name (eg, your name or your server's hostname) :*.ap-northeast-1.elb.amazonaws.com
Email Address :
A challenge password :
An optional company name :
$ openssl req -text -noout -in server.csr
You can create the self-signed certificate using the following command with the private key and the CSR.
Applying it is basically the same as in the article I shared. However, ACM cannot import an ECDSA SSL certificate as of now, so please import the ECDSA SSL certificate with IAM. You can do it in the ALB HTTPS listener settings.
Note that when importing the private key, you should copy server.key without the block from “BEGIN EC PARAMETERS” to “END EC PARAMETERS”.
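The whole procedure described above (key, CSR, self-signed certificate, then the key with its EC PARAMETERS block removed) as one script; this is an added example, not the commands from the original post. The curve prime256v1, the 365-day validity, SHA-256, and the file names server.crt and server.iam.key are assumptions; the subject values are the ones answered at the prompts above.

```shell
#!/bin/sh
# Added example: ECDSA self-signed certificate for an ALB, end to end.
# Assumptions (not from the original post): curve prime256v1, 365 days,
# SHA-256, and the output names server.crt / server.iam.key.

CN='*.ap-northeast-1.elb.amazonaws.com'   # Common Name used in the post

# Generate key, CSR and self-signed certificate in directory $1.
make_ecdsa_selfsigned() (
    umask 077   # keep the private key readable by the owner only
    # ecparam writes an "EC PARAMETERS" block followed by the private key.
    openssl ecparam -name prime256v1 -genkey -out "$1/server.key" || exit 1
    # Non-interactive equivalent of answering the prompts shown in the post.
    openssl req -new -key "$1/server.key" -out "$1/server.csr" \
        -subj "/C=JP/ST=Tokyo/O=zuqqhi2/CN=$CN" || exit 1
    # Self-sign the CSR with the same key.
    openssl x509 -req -sha256 -days 365 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
)

# Copy key $1 to $2 without the EC PARAMETERS block; this is the text
# to paste into the private key field when importing with IAM.
strip_ec_parameters() (
    umask 077
    sed '/-----BEGIN EC PARAMETERS-----/,/-----END EC PARAMETERS-----/d' "$1" > "$2"
)

# Succeed only if certificate $1 carries the public key of private key $2.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo run in a scratch directory.
demo=$(mktemp -d)
make_ecdsa_selfsigned "$demo" &&
    strip_ec_parameters "$demo/server.key" "$demo/server.iam.key" &&
    cert_matches_key "$demo/server.crt" "$demo/server.iam.key" &&
    echo "certificate and stripped key match: $demo"
```

Running cert_matches_key on the stripped key before uploading confirms that removing the parameters block did not damage the key.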
If you need to support both RSA and ECDSA cipher suites, please refer to the following article (sorry, it's a Japanese article; please use a translation tool).