Enabling SSL on apache instance on EC2
A summary of what needs to be done to enable SSL on apache server on EC2:
- Get SSL certificate (which you already did)
- Install mod_ssl as Jose Vega said
- Add the following lines to your httpd.conf:

    NameVirtualHost *:443
    <VirtualHost *:443>
        ServerName www.example.com
        # other configurations
        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/mydomain.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mydomain.key
    </VirtualHost>

Finally, don't forget to open port 443 on your EC2 instance
I managed to enable SSL on my EC2 instance and to install a free SSL certificate from startssl.com. I made a few mistakes; this is the basic approach:
- Sign up to startssl.com by clicking the Control Panel link
- Complete the signup process. You will need to verify your email address.
- Validate your domain under Validation Wizard -> Domain Name Validation
- Get a Certificate by Certificate Wizard
- Choose: Web Server SSL/TLS Certificate
- Enter a password that will be used to encrypt the private key. You will need this later.
- I chose a keysize of 4096
- Save the encrypted private key as ssl.encrypted.key someplace
- ?? I forget what happened next
- Save the certificate file as ssl.crt someplace. For me, I had to wait 30 minutes, then it appeared under Tool Box -> Retrieve Certificate
- Use openssl to decrypt the encrypted ssl.encrypted.key file
sudo openssl rsa -in ssl.encrypted.key -out ssl.unencrypted.key
- startssl.com also has a decrypt option on their website, but it didn't work for me
- putty/ssh onto your ec2 machine
- install mod_ssl
sudo yum install mod_ssl
- Replace the default certificate and key
sudo vi /etc/pki/tls/certs/localhost.crt
- Paste in the contents of ssl.crt
- Make sure it pastes correctly! I always lose the first 6 characters
- Use :%d to delete the existing certificate if required
[ESC] :wq
sudo vi /etc/pki/tls/private/localhost.key
- Paste in the contents of ssl.unencrypted.key
- Again make sure it pastes correctly!
[ESC] :wq
- Check the configuration
apachectl configtest
- Restart
sudo service httpd restart
- I had issues restarting and I think what fixed it was
sudo pkill -9 httpd
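
A check for the hand-pasted certificate and decrypted key from the steps above, as an added example that is not part of the original answer: it catches a paste that lost its leading characters, a key file readable by other users, and a certificate that does not belong to the key. The function names are hypothetical, and it assumes an `openssl` new enough to have the `pkey` subcommand.

```shell
#!/bin/sh
# Added example: sanity checks for a certificate/key pair pasted into place by hand.
# Function names are hypothetical; pass the paths you actually edited.
# Usage after sourcing this file:
#   check_tls_pair /etc/pki/tls/certs/localhost.crt /etc/pki/tls/private/localhost.key

# Return 0 if FILE starts and ends with intact PEM armor lines.
# A paste that dropped leading characters ("EGIN CERTIFICATE-----") fails here.
pem_framing_ok() {
    first=$(tr -d '\r' < "$1" | grep -v '^[[:space:]]*$' | head -n 1)
    last=$(tr -d '\r' < "$1" | grep -v '^[[:space:]]*$' | tail -n 1)
    case "$first" in
        "-----BEGIN "*"-----") ;;
        *) return 1 ;;
    esac
    case "$last" in
        "-----END "*"-----") ;;
        *) return 1 ;;
    esac
    return 0
}

# Return 0 if the private key file is readable by its owner only.
# The decrypted key has no passphrase, so file permissions are its only protection.
key_perms_ok() {
    [ "$(ls -lL "$1" | cut -c5-10)" = "------" ]
}

# Return 0 if the certificate and the private key carry the same public key.
# "-passin pass:" makes a still-encrypted key fail instead of prompting.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run every check, report each failure on stderr, return non-zero if any failed.
check_tls_pair() {
    rc=0
    pem_framing_ok "$1" || { echo "certificate PEM armor damaged: $1" >&2; rc=1; }
    pem_framing_ok "$2" || { echo "key PEM armor damaged: $2" >&2; rc=1; }
    key_perms_ok "$2" || { echo "key readable by group/other: $2" >&2; rc=1; }
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match" >&2; rc=1; }
    return "$rc"
}
```

Running `check_tls_pair` before `apachectl configtest` separates a damaged paste from a genuine configuration error.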