Sometimes I create a self-signed SSL certificate (RSA) with the openssl command and apply it to a web server for testing.
But I easily forget these commands, so I wrote this post to reduce my research time. The AWS Application Load Balancer (ALB) setup is an extra for AWS beginners.
How to generate Self-Signed Certificate
First, please generate a private key using the following command.
$ openssl genrsa -out ./server.key 2048
Then, please generate a certificate signing request (CSR), which carries the public key, with the following command. I use the AWS Tokyo region, so I set “*.ap-northeast-1.elb.amazonaws.com” as “Common Name”.
$ openssl req -new -key ./server.key -out ./server.csr
…
Country Name (2 letter code) :JP
State or Province Name (full name) :Tokyo
Locality Name (eg, city) :Unknown
Organization Name (eg, company) :zuqqhi2
Organizational Unit Name (eg, section) :
Common Name (eg, fully qualified host name) :*.ap-northeast-1.elb.amazonaws.com
Email Address :
…
A challenge password :
You can create the self-signed certificate from the private key and the CSR using the following command.
$ openssl x509 -in ./server.csr -days 365 -req -signkey ./server.key -out ./server.crt
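The three steps above as one non-interactive script, followed by checks worth running before the files are pasted into ACM. This is an added example, not part of the original post; the function names `make_cert` and `check_cert` and the directory argument are assumptions made for the sketch.

```shell
#!/bin/sh
# Added example (not from the original post). make_cert, check_cert and the
# directory argument are names chosen for this sketch.

# Same answers as the interactive prompts above, passed via -subj.
SUBJ='/C=JP/ST=Tokyo/L=Unknown/O=zuqqhi2/CN=*.ap-northeast-1.elb.amazonaws.com'

# make_cert DIR: write server.key, server.csr and server.crt into DIR.
make_cert() {
    dir=$1
    # umask 077 keeps the private key readable by its owner only.
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 ) >/dev/null 2>&1 || return 1
    openssl req -new -key "$dir/server.key" -subj "$SUBJ" \
        -out "$dir/server.csr" || return 1
    openssl x509 -in "$dir/server.csr" -days 365 -req \
        -signkey "$dir/server.key" -out "$dir/server.crt" >/dev/null 2>&1
}

# check_cert DIR: fail unless server.crt belongs to server.key, is
# self-signed, and stays valid for at least another day.
check_cert() {
    dir=$1
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey 2>/dev/null) || return 1
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "certificate does not match private key" >&2; return 1
    fi
    # A self-signed certificate verifies when it is used as its own trust anchor.
    if ! openssl verify -CAfile "$dir/server.crt" "$dir/server.crt" >/dev/null 2>&1; then
        echo "certificate is not self-signed" >&2; return 1
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$dir/server.crt" -noout -checkend 86400 >/dev/null; then
        echo "certificate expires within 24 hours" >&2; return 1
    fi
    # Print the subject and expiry of the certificate that will be imported.
    openssl x509 -in "$dir/server.crt" -noout -subject -enddate
}

# Run both steps when a target directory is given: sh selfsigned.sh ./certs
if [ "$#" -gt 0 ]; then
    make_cert "$1" && check_cert "$1"
fi
```

A key/certificate mismatch is the usual reason an import is rejected, so `check_cert` is also useful on files generated by hand.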
Applying Self-Signed Certificate to AWS ALB
First, please import the certificate into AWS Certificate Manager (ACM).
Please click the “Import a certificate” button on the ACM console.
Please copy the contents of server.crt into “Certificate body” and the contents of server.key into “Certificate private key”. Please keep “Certificate chain” empty and click the “Next” button. (The screenshot shows an error, but please ignore it.)
Please click the “Review and import” button on the next screen, and then click the “Import” button. You have now finished importing your self-signed certificate into ACM.
Please create an EC2 instance with the following settings as the ALB backend. Other parameters are left at their defaults. From here, on the premise that the default VPC has an internet gateway, I share how to set up an ALB with HTTPS.
|Amazon Machine Image (AMI)||Amazon Linux 2 AMI (HVM), SSD Volume Type|
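sudo yum update -y
sudo yum install -y httpd
# The redirect must run as root, so write the file through sudo tee.
echo "Welcome to $HOSTNAME" | sudo tee /var/www/html/index.html > /dev/null
# Start Apache now and enable it at boot.
sudo service httpd start
sudo chkconfig httpd on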
Please create a Target Group (all parameters except name are default), and please add the created EC2 instance to this target group.
Finally, please create an ALB with the following settings.
|Load Balancer Type||Application Load Balancer|
|Name||Please set what you want|
|Load Balancer Protocol||Please click “Add listener”, and set “HTTPS” as protocol and “443” as port.|
|Availability Zones||Please select all of ap-northeast-1a, ap-northeast-1c, ap-northeast-1d.|
|Configure Security Settings||Certificate Type: Choose a certificate from ACM; Certificate Name: What you created|
|Security Group||default, plus a security group which has the following inbound rule: Type: HTTP, HTTPS; Source: My IP|
|Target Group||Target Group: Existing Target Group; Name: What you created|
When provisioning of the ALB has finished, please access the ALB DNS name over HTTPS.
Please ignore the browser error; it appears because the certificate is self-signed. If you are using Google Chrome, please type “thisisunsafe” on the warning page.
If you see “Welcome to …”, your settings are correct.