Generating SSL Self-Signed Certificate And Applying To AWS Application Load Balancer

Sometimes I create a self-signed SSL certificate (RSA) using the openssl command and apply it to a web server for some tests.

But I easily forget such commands, so I wrote this to reduce my research time. The AWS Application Load Balancer (ALB) setup is just an extra for AWS beginners.

How to generate Self-Signed Certificate

First, please generate a private key using the following command.

$ openssl genrsa -out ./server.key 2048

Then, please generate a certificate signing request (CSR), which carries the public key, with the following command. I use the AWS Tokyo region, so I set “*.ap-northeast-1.elb.amazonaws.com” as the “Common Name”.

$ openssl req -new -key ./server.key -out ./server.csr
…
Country Name (2 letter code) []:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) []:Unknown
Organization Name (eg, company) []:zuqqhi2
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:*.ap-northeast-1.elb.amazonaws.com
Email Address []:
…
A challenge password []: 

You can create the self-signed certificate from the private key and the CSR using the following command.

$ openssl x509 -in ./server.csr -days 365 -req -signkey ./server.key -out ./server.crt
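
The three commands above can also be run without the interactive prompts, and the result checked before it is pasted into ACM. The script below is an added example, not part of the original post; the function names and the directory argument are assumptions, and the subject fields are the ones entered above.

```shell
#!/bin/sh
# Added example (not the author's script): the three openssl steps without
# prompts, plus checks to run before pasting the files into ACM.
# Function names and the directory argument are assumptions.

CN='*.ap-northeast-1.elb.amazonaws.com'   # Common Name used on this page

# make_self_signed DIR: write server.key, server.csr and server.crt into DIR.
make_self_signed() {
    (
        umask 077   # private key readable by its owner only
        cd "$1" || exit 1
        openssl genrsa -out server.key 2048 2>/dev/null &&
        openssl req -new -key server.key -out server.csr \
            -subj "/C=JP/ST=Tokyo/L=Unknown/O=zuqqhi2/CN=$CN" &&
        openssl x509 -in server.csr -days 365 -req -signkey server.key \
            -out server.crt 2>/dev/null
    )
}

# key_matches_cert DIR: succeed only if the certificate carries the public
# half of server.key (ACM requires the key to match the certificate).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1/server.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/server.key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# cert_has_cn DIR: succeed if the subject contains the expected Common Name.
cert_has_cn() {
    openssl x509 -in "$1/server.crt" -noout -subject | grep -qF "$CN"
}

# valid_for_days DIR N: succeed if the certificate is still valid N days from now.
valid_for_days() {
    openssl x509 -in "$1/server.crt" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# check_all DIR: run every check and report the first failure.
check_all() {
    key_matches_cert "$1" || { echo "key and certificate do not match" >&2; return 1; }
    cert_has_cn "$1"      || { echo "unexpected Common Name" >&2; return 1; }
    valid_for_days "$1" 1 || { echo "certificate expires within a day" >&2; return 1; }
    echo "server.crt and server.key in $1 are consistent"
}

# Stand-alone use: pass an existing directory as the first argument.
if [ $# -gt 0 ]; then make_self_signed "$1" && check_all "$1"; fi
```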

Applying Self-Signed Certificate to AWS ALB

First, please import the certificate into AWS Certificate Manager (ACM).

Please click the “Import a certificate” button on the ACM console.

Please copy the contents of server.crt into “Certificate body” and the contents of server.key into “Certificate private key”. Please keep “Certificate chain” empty and click the “Next” button. (The following screenshot shows an error, but please ignore it.)

Please click the “Review and import” button on the next screen, and then please click the “import” button.

You have finished importing your self-signed certificate into ACM.

Please create an EC2 instance with the following settings as the ALB backend. Other parameters are left at their defaults. From here, on the premise that the default VPC has an internet gateway, I show how to set up an ALB with HTTPS.

Parameter: Value
Amazon Machine Image (AMI): Amazon Linux 2 AMI (HVM), SSD Volume Type, 01748a72bed07727c
Instance Type: t2.micro
User Data:
    #!/bin/bash
    sudo yum update -y
    sudo yum install -y httpd
    echo Welcome to $HOSTNAME > /var/www/html/index.html
    service httpd start
    chkconfig httpd on
Security Group: default

Please create a Target Group (all parameters except the name are default), and please add the created EC2 instance to this target group.

Finally, please create an ALB with the following settings.

Parameter: Value
Load Balancer Type: Application Load Balancer
Name: Please set what you want
Load Balancer Protocol: Please click “Add listener”, and set “HTTPS” as protocol and “443” as port.
Availability Zones: Please select all of ap-northeast-1a, ap-northeast-1c, ap-northeast-1d.
Configure Security Settings:
    Certificate Type: Choose a certificate from ACM
    Certificate Name: What you created
Security Group:
    – default
    – Security group which has the following inbound rule
      Type: HTTP, HTTPS
      Source: My IP
Target Group:
    Target Group: Existing Target Group
    Name: What you created

When provisioning of the ALB has finished, please access the ALB DNS name over HTTPS.

Please ignore the browser error. If you are using Google Chrome, please type “thisisunsafe” on the warning page.

If you see “Welcome to …”, your settings are correct.

zuqqhi2