Sometimes I create a self-signed SSL certificate (RSA) with the openssl command and apply it to a web server for testing.
However, I tend to forget the commands, so I wrote this post to reduce my research time. The AWS Application Load Balancer (ALB) setup is an extra part for AWS beginners.
First, generate a private key with the following command.
$ openssl genrsa -out ./server.key 2048
Next, generate a certificate signing request (CSR), which carries the public key, with the following command. I use the AWS Tokyo region, so I set “*.ap-northeast-1.elb.amazonaws.com” as the “Common Name”.
$ openssl req -new -key ./server.key -out ./server.csr
…
Country Name (2 letter code) []:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) []:Unknown
Organization Name (eg, company) []:zuqqhi2
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:*.ap-northeast-1.elb.amazonaws.com
Email Address []:
…
A challenge password []:
You can then create the self-signed certificate from the CSR, signed with the private key, using the following command.
$ openssl x509 -in ./server.csr -days 365 -req -signkey ./server.key -out ./server.crt
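The three steps above can also be run without prompts and checked before the files go into ACM. The script below is an added example, not part of the original post: the function names and the directory argument are assumptions, and the subject fields are the values entered at the prompts above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the subject fields are the values entered at the prompts in the post.
# Usage: make_self_signed ./tls && cert_matches_key ./tls && is_self_signed ./tls
CN='*.ap-northeast-1.elb.amazonaws.com'

# Run the post's three openssl steps in directory $1 without prompts.
make_self_signed() {
    mkdir -p "$1" || return 1
    # umask 077 keeps the private key readable by its owner only.
    ( umask 077 && openssl genrsa -out "$1/server.key" 2048 ) || return 1
    openssl req -new -key "$1/server.key" -out "$1/server.csr" \
        -subj "/C=JP/ST=Tokyo/L=Unknown/O=zuqqhi2/CN=$CN" || return 1
    openssl x509 -in "$1/server.csr" -days 365 -req \
        -signkey "$1/server.key" -out "$1/server.crt"
}

# The public key in server.crt must equal the one derived from server.key;
# a certificate pasted together with the wrong key fails this check.
cert_matches_key() {
    from_crt=$(openssl x509 -in "$1/server.crt" -noout -pubkey) || return 1
    from_key=$(openssl pkey -in "$1/server.key" -pubout) || return 1
    [ -n "$from_crt" ] && [ "$from_crt" = "$from_key" ]
}

# Self-signed: subject and issuer are the same name.
is_self_signed() {
    s=$(openssl x509 -in "$1/server.crt" -noout -subject) || return 1
    i=$(openssl x509 -in "$1/server.crt" -noout -issuer) || return 1
    [ "${s#subject=}" = "${i#issuer=}" ]
}

# Succeeds if the certificate is still valid $2 days from now.
valid_in_days() {
    openssl x509 -in "$1/server.crt" -noout -checkend $(( $2 * 86400 ))
}

# Succeeds if server.key grants no permission to group or others.
key_is_private() {
    [ "$(ls -l "$1/server.key" | cut -c5-10)" = "------" ]
}
```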
First, import the certificate into AWS Certificate Manager (ACM).
Click the “Import a certificate” button on the ACM console.
Copy the contents of server.crt to “Certificate body” and the contents of server.key to “Certificate private key”. Keep “Certificate chain” empty and click the “Next” button. (The following screenshot shows an error, but please ignore it.)
Click the “Review and import” button on the next screen, and then click the “import” button.
You have finished importing your self-signed certificate into ACM.
Next, create an EC2 instance with the following settings as the ALB backend. Other parameters are left at their defaults. From here on, I explain how to set up an ALB with HTTPS, on the premise that the default VPC has an internet gateway.
| Parameter | Value |
| --- | --- |
| Amazon Machine Image (AMI) | Amazon Linux 2 AMI (HVM), SSD Volume Type 01748a72bed07727c |
| Instance Type | t2.micro |
| User Data | The script shown after this table |
| Security Group | default |

User Data script:
#!/bin/bash
sudo yum update -y
sudo yum install -y httpd
echo Welcome to $HOSTNAME > /var/www/html/index.html
service httpd start
chkconfig httpd on
Create a Target Group (all parameters except the name are default), and add the created EC2 instance to this target group.
Finally, create an ALB with the following settings.
| Parameter | Value |
| --- | --- |
| Load Balancer Type | Application Load Balancer |
| Name | Please set what you want |
| Load Balancer Protocol | Please click “Add listener”, and set “HTTPS” as protocol and “443” as port. |
| Availability Zones | Please select all of ap-northeast-1a, ap-northeast-1c, ap-northeast-1d. |
| Configure Security Settings | Certificate Type: Choose a certificate from ACM; Certificate Name: What you created |
| Security Group | (1) default; (2) a security group which has the following inbound rule: Type: HTTP, HTTPS; Source: My IP |
| Target Group | Target Group: Existing Target Group; Name: What you created |
When provisioning of the ALB has finished, access the ALB DNS name over HTTPS.
Please ignore the browser error, which appears because the certificate is self-signed. If you are using Google Chrome, type “thisisunsafe” on the warning page.
If you see “Welcome to …”, your settings are correct.