How to set up SSL with a KEY and CRT file in AWS

In this article, I will show you how to install an SSL certificate on your AWS EC2 instance using a CRT file and a KEY file. SSL certificates help protect your data from hackers and also affirm your identity. An SSL certificate not only adds security to your site but also helps it rank higher in Google search results.

How to Install SSL Certificate

To install SSL, first create an EC2 instance in your AWS account. I have a separate article on creating an EC2 instance, listed here. Once you have created the instance, connect to it using PuTTY or a terminal.

SSL certificates are issued by a certificate provider such as Comodo or Verisign, so you need to purchase an SSL certificate from one of these providers.

Once you have collected the SSL certificate files from the provider, run the following commands to install SSL.

Install mod_ssl by running this command.

sudo yum install mod24_ssl -y

Next, check whether mod_ssl is installed by running this command.

apachectl -M | grep ssl

It should output something like this.

ssl_module (shared)

Then look for the Apache SSL config files.

find /etc/ -type f -name '*ssl*'

Possible output:

/etc/pki/tls/openssl.cnf
/etc/httpd/conf.modules.d/00-ssl.conf
/etc/httpd/conf.d/ssl.conf

Now open this file to create a virtual host for SSL.

sudo vi /etc/httpd/conf.d/vhost.conf

Here is an example virtual host.

<VirtualHost *:443>

  # REQUIRED. Set this to the host/domain/subdomain that
  # you want this VirtualHost record to handle.

  ServerName xyz.nl

  # Optional. You can specify additional host names that
  # serve up the same site. This can be top-level, domains,
  # sub-domains, and can even use wildcard subdomains such
  # as *.yourdomain.com - just separate each host name
  # with a single space.

  ServerAlias www.xyz.nl

  # REQUIRED. Set this to the directory you want to use for
  # this vhost site's files.

  DocumentRoot /var/www/xyz/html

  # Optional. Uncomment this and set it to your admin email
  # address, if you have one. If there is a server error,
  # this is the address that Apache will show to users.
  # (admin@example.com below is a placeholder.)

  ServerAdmin admin@example.com

  # Optional. Uncomment this if you want to specify
  # a different error log file than the default. You will
  # need to create the error file first.

  #ErrorLog /var/www/vhosts/logs/error_log

  SSLCertificateFile /etc/pki/tls/certs/xyz.crt
  SSLCertificateKeyFile /etc/pki/tls/private/xyz.key
  SSLCertificateChainFile /etc/pki/tls/certs/ComodoCA.crt  

  # REQUIRED. Let's make sure that .htaccess files work on 
  # this site. Don't forget to change the file path to
  # match your DocumentRoot setting above.
  
  <Directory /var/www/xyz/html>
    AllowOverride All
  </Directory>

</VirtualHost>

In the example vhost file, replace the “ServerName” value with your domain name and the “ServerAlias” value with your domain name.

Then set “SSLCertificateFile”, “SSLCertificateKeyFile” and “SSLCertificateChainFile” to the paths of your own certificate files.

Restart the Apache server to see the changes on the front end.

sudo service httpd restart 
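
Before the restart, it helps to confirm that the key belongs to the certificate, that the key file is not accessible to other users, and that the certificate is not about to expire. The script below is an added example, not part of the original article; the function names, the 30-day threshold and the throwaway self-signed pair it generates for the demo are assumptions.

```shell
#!/bin/sh
# Added example: checks to run on the vhost's certificate files before
# restarting Apache. Function names and thresholds are assumptions.

# Succeeds only if the certificate's public key equals the one derived
# from the private key (assumes an unencrypted PEM key).
cert_matches_key() (
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null </dev/null)
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null </dev/null)
  [ -n "$c" ] && [ -n "$k" ] && [ "$c" = "$k" ]
)

# Succeeds only if group and others have no permissions on the key file.
key_is_private() (
  perms=$(ls -lL "$1" 2>/dev/null | cut -c5-10)
  [ "$perms" = "------" ]
)

# Succeeds if the certificate is still valid $2 days from now (default 0).
cert_not_expiring() {
  openssl x509 -in "$1" -noout -checkend "$(( ${2:-0} * 86400 ))" >/dev/null 2>&1
}

# Run all checks on a certificate ($1) and key ($2); non-zero on any failure.
preflight() {
  rc=0
  cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
  key_is_private "$2" || { echo "FAIL: key is accessible to group/others"; rc=1; }
  cert_not_expiring "$1" 30 || { echo "FAIL: certificate expires within 30 days"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: certificate and key are consistent"
  return "$rc"
}

# Constructed sample: a throwaway self-signed pair, not a real certificate.
make_demo_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=xyz.nl" \
    -keyout "$1/xyz.key" -out "$1/xyz.crt" >/dev/null 2>&1
  chmod 600 "$1/xyz.key"
}

demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir"
preflight "$demo_dir/xyz.crt" "$demo_dir/xyz.key"
rm -rf "$demo_dir"
```

On the server, call preflight as root with the SSLCertificateFile and SSLCertificateKeyFile paths from the vhost, then run sudo apachectl configtest so a syntax error is caught before the restart takes the site down.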

Conclusion

SSL gives your clients more trust in your website. In this example, I have shown how you can set up an SSL certificate on an AWS EC2 instance.

Atiqur Rahman

I am MD. Atiqur Rahman, a graduate of BUET and an AWS-certified solutions architect. I have successfully achieved 6 certifications from AWS including Cloud Practitioner, Solutions Architect, SysOps Administrator, and Developer Associate. I have more than 8 years of working experience as a DevOps engineer designing complex SaaS applications.
