How to configure SSL for my only Elastic Beanstalk instance

I am new to AWS and got my Java-based REST API running on single-instance EBS. Now I'm trying to install an SSL certificate in EBS with a single instance so that it can work for HTTPS requests.

I am trying to create a Self Signed Certificate on my Windows machine for a certificate at the moment. I created this article to create certificates.

I followed the AWS documentation and can see a sample script for creating an SSL configuration file (singlessl.config).

I am not sure where and how I can get <certificate file contents> and <private key contents> for the configuration file. Please advise.

EDIT:
Here is the configuration file, which has no problems before the certificate content is added:

    Resources:
      sslSecurityGroupIngress:
        Type: AWS::EC2::SecurityGroupIngress
        Properties:
          GroupName: {"Ref" : "AWSEBSecurityGroup"}
          # GroupId: {"Ref" : "AWSEBSecurityGroup"}
          IpProtocol: tcp
          ToPort: 443
          FromPort: 443
          CidrIp: 0.0.0.0/0

    packages:
      yum:
        mod_ssl : []

    files:
      /etc/httpd/conf.d/ssl.conf:
        mode: "000755"
        owner: root
        group: root
        content: |
          LoadModule ssl_module modules/mod_ssl.so
          Listen 443
          <VirtualHost *:443>
            <Proxy *>
              Order deny,allow
              Allow from all
            </Proxy>
            SSLEngine on
            SSLCertificateFile "/etc/pki/tls/certs/server.crt"
            SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
            SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
            SSLProtocol All -SSLv2 -SSLv3
            SSLHonorCipherOrder On

            Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
            Header always set X-Frame-Options DENY
            Header always set X-Content-Type-Options nosniff

            ProxyPass / http://localhost:8080/ retry=0
            ProxyPassReverse / http://localhost:8080/
            ProxyPreserveHost on

            LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
            ErrorLog /var/log/httpd/elasticbeanstalk-error_log
            TransferLog /var/log/httpd/elasticbeanstalk-access_log
          </VirtualHost>

      /etc/pki/tls/certs/server.crt:
        mode: "000400"
        owner: root
        group: root
        content: |
          -----BEGIN CERTIFICATE-----
          <certificate file contents>
          -----END CERTIFICATE-----

      /etc/pki/tls/certs/server.key:
        mode: "000400"
        owner: root
        group: root
        content: |
          -----BEGIN RSA PRIVATE KEY-----
          <private key contents>
          -----END RSA PRIVATE KEY-----

    services:
      sysvinit:
        httpd:
          enabled: true
          ensureRunning: true
          files : [/etc/httpd/conf.d/ssl.conf,/etc/pki/tls/certs/server.key,/etc/pki/tls/certs/server.crt]

Again, after adding the contents of the certificate, validation:

    Resources:
      sslSecurityGroupIngress:
        Type: AWS::EC2::SecurityGroupIngress
        Properties:
          GroupName: {"Ref" : "AWSEBSecurityGroup"}
          # GroupId: {"Ref" : "AWSEBSecurityGroup"}
          IpProtocol: tcp
          ToPort: 443
          FromPort: 443
          CidrIp: 0.0.0.0/0

    packages:
      yum:
        mod_ssl : []

    files:
      /etc/httpd/conf.d/ssl.conf:
        mode: "000755"
        owner: root
        group: root
        content: |
          LoadModule ssl_module modules/mod_ssl.so
          Listen 443
          <VirtualHost *:443>
            <Proxy *>
              Order deny,allow
              Allow from all
            </Proxy>
            SSLEngine on
            SSLCertificateFile "/etc/pki/tls/certs/server.crt"
            SSLCertificateKeyFile "/etc/pki/tls/certs/server.key"
            SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
            SSLProtocol All -SSLv2 -SSLv3
            SSLHonorCipherOrder On

            Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
            Header always set X-Frame-Options DENY
            Header always set X-Content-Type-Options nosniff

            ProxyPass / http://localhost:8080/ retry=0
            ProxyPassReverse / http://localhost:8080/
            ProxyPreserveHost on

            LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
            ErrorLog /var/log/httpd/elasticbeanstalk-error_log
            TransferLog /var/log/httpd/elasticbeanstalk-access_log
          </VirtualHost>

      /etc/pki/tls/certs/server.crt:
        mode: "000400"
        owner: root
        group: root
        content: |
          -----BEGIN CERTIFICATE-----
    MIIFrjCCA5agAwIBAgIQnWFbX+HcXIBD15PWJMbowzANBgkqhkiG9w0BAQ0FADBd
    MQ4wDAYDVQQGEwVJbmRpYTEMMAoGA1UECxMDREVWMR4wHAYDVQQKExVWNSBCdXNp
    bmVzcyBTb2x1dGlvbnMxHTAbBgNVBAMTFE1BU2dlbmllIERldiBSb290IENBMB4X
    DTE0MTIzMTE4MzAwMFoXDTE5MDEzMDE4MzAwMFowGzEZMBcGA1UEAxMQZGV2Lm1h
    c2dlbmllLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMEHn/iC
    9iGQHAKwxscFdnun2Q1qr0M0jBIt4JcwTsT5NjRfII7RBHvCnTWrQUo4QBoIqVdR
    OkG4PkAS0Q3wqcuACyCAknx//k9O0DQHbkk2jI0aNrrD0iDFlHX9P/e+zS6VA5Qg
    2Wrzf4nHNDC3ITsGYkNvXXFn6Uhl0o7WHrQ7njHpd26kNFGQPwVbFdjDm2uYDUqz
    SnnlxXWVI1bgIoKVrZOqe61XCmgaFP0fIMXw4nZGT1GzfWmrzg9qjglMldxjoHL2
    XpOtF6l8jRnVMLQqytlDb3CkQSYdoDqKWhiqNvq1l0ZsLupuPebdjTD11KMybW2k
    q/0R5WCrNBBLRwxFq6DZgzyhhHvBhxFA567uafSRDhlpCz8C0Ll3SM1TrU8ySyVN
    JgRIH2E3CPJ5wAiIWEuz4LKJ/Pip+j/7iuqsRgX7QBh7kJN3oRghoAKmkoWvBuJ8
    n4azmtO+B4WDDwaoV7+JYX79dwpI+dzYAZXG1MhJv0SSIx4F3eCw5tSJqpbtj9om
    KluKd8RGHpZW9qUQCcLY3Expx74Ehnm+Lbgov5C1ba7JYab+JRyM1tz5k/Z+sy2m
    3PUUZz2WxBeysrnjjfCYrLtXGOwG13jO2rf4e9PakRBQd4Ybx2Z45IximaFT38r5
    DQZXlLgq+BkekGuV7FVtzPSZH3FV86UIRBeTAgMBAAGjgaswgagwEwYDVR0lBAww
    CgYIKwYBBQUHAwEwgZAGA1UdAQSBiDCBhYAQKxykerZGsDqRGnXn8lBmoqFfMF0x
    DjAMBgNVBAYTBUluZGlhMQwwCgYDVQQLEwNERVYxHjAcBgNVBAoTFVY1IEJ1c2lu
    ZXNzIFNvbHV0aW9uczEdMBsGA1UEAxMUTUFTZ2VuaWUgRGV2IFJvb3QgQ0GCEE/8
    C0XD+iW3TMfyC51vkw0wDQYJKoZIhvcNAQENBQADggIBAHggcAILANfMtdSJd9XW
    2BsFXORtKrWzrlsYEOkM8sIjqI0QoDI1KE7NwFbzhue5OdxB8uOq1nD/J8HZUovH
    Ij4np58yJjp6K43zaxrFjQNO7UyHJmcJ0rPRet7WuCTwqs4DY4/J4foEe1mNE3kL
    7HiAAEKHmZ0/sLwu6TKa3QOajWxIV/MCLAuNEvTc4hPAesmyuUlnRWa8Uk/8cOCB
    HFgpe/jWN8wxAcj1YS60RBGTeneiutW+/ZZr9YKlTjZgmnbR3LEDdSTsP6eLGocl
    KHT0MdTqIm0uphmr8jUeUw2iNOrbm1FRZoTW9hKboIdM0Uksr778WK5A3MlsakZP
    2J2G1cvQAC1fEckTS9p39QhLRTes5gCpLROySfWY9ZeMam2AXQyeVHZ6kbqdAdNG
    TpOysl8j13m/O5Lh1QM26fJ9P+IIqKOffXxty4C4bZCVoR270QEP42az9G61mQZ9
    d0c2yMsCvIhS1UxguF3cjGz3CK90SMo3l5TFDnNU71a0M5DIuuViIB8f40Jp5HL3
    hjq+l2vzIxrmFbKyCvL5+dbEy46q9dIjqOFJECsu9khqHNbA7Wn5GBzBNxGLTkh/
    2kaeIvUbRPrDFE67J/gHL4NPXSp+NohnQvjFRvGn/+3GKjhdrLDu+rlXrcEkNUv3
    c4XR9gJqVsCoSiWRnoZP05FB
          -----END CERTIFICATE-----

      /etc/pki/tls/certs/server.key:
        mode: "000400"
        owner: root
        group: root
        content: |
          -----BEGIN RSA PRIVATE KEY-----
          <private key contents>
          -----END RSA PRIVATE KEY-----

    services:
      sysvinit:
        httpd:
          enabled: true
          ensureRunning: true
          files : [/etc/httpd/conf.d/ssl.conf,/etc/pki/tls/certs/server.key,/etc/pki/tls/certs/server.crt]

Error:

 (<unknown>): could not find expected ':' while scanning a simple key at line 56 column 1 
+3
1 answer

The line

    MIIFrjCCA5agAwIBAgIQnWFbX+HcXIBD15PWJMbowzANBgkqhkiG9w0BAQ0FADBd

must be at the same level of indentation as

    -----BEGIN CERTIFICATE-----

This means your file should look like this:

    content: |
      -----BEGIN CERTIFICATE-----
      MIIFrjCCA5agAwIBAgIQnWFbX+HcXIBD15PWJMbowzANBgkqhkiG9w0BAQ0FADBd

So, give spaces in front of your certificate and key content, and it should work.

+2
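
The indentation rule from the answer above, as an added example that is not part of the original post: `files_entry` renders a PEM file as a `files:` entry with every line at the block scalar's indentation, and `stray_lines` is a heuristic check (not a YAML parser) for lines that have fallen out of a `|` block. The function names and the sample PEM are constructed for this illustration.

```python
import re

# Constructed sample, not a real certificate; function names are this example's own.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
AAAAconstructedSampleLine1
AAAAconstructedSampleLine2
-----END CERTIFICATE-----
"""

def files_entry(path, pem_text, mode="000400", step=2):
    """Render one `files:` entry with the PEM in a YAML literal block scalar."""
    body = [l.strip() for l in pem_text.splitlines() if l.strip()]
    if not body or not body[0].startswith("-----BEGIN ") or not body[-1].startswith("-----END "):
        raise ValueError("input does not look like PEM")
    pad = " " * step
    head = [f"{pad}{path}:", f'{pad * 2}mode: "{mode}"', f"{pad * 2}owner: root",
            f"{pad * 2}group: root", f"{pad * 2}content: |"]
    # Every PEM line, markers and base64 alike, gets the same indentation.
    return "\n".join(head + [pad * 3 + l for l in body]) + "\n"

BLOCK_START = re.compile(r"^\s*[^\s#][^:]*:\s*\|[-+]?\s*$")
KEY_LIKE = re.compile(r"^\s*(#|- |[^\s#][^:]*:(\s|$))")

def stray_lines(yaml_text):
    """1-based numbers of lines that fell out of a `|` block and are not YAML keys."""
    strays, key_indent, block_indent = [], None, None
    for no, line in enumerate(yaml_text.splitlines(), 1):
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        if key_indent is not None:            # first line after `key: |`
            block_indent = indent if indent > key_indent else None
            key_indent = None
        if block_indent is not None and indent >= block_indent:
            continue                          # still inside the block scalar
        block_indent = None
        if BLOCK_START.match(line):
            key_indent = indent
        elif not KEY_LIKE.match(line):
            strays.append(no)                 # parser would try to read this as a key
    return strays

def demo():
    good = "files:\n" + files_entry("/etc/pki/tls/certs/server.crt", SAMPLE_PEM)
    # Reproduce the mistake: base64 body pasted at column 0 under an indented marker.
    bad = good.replace("      AAAA", "AAAA")
    return stray_lines(good), stray_lines(bad)
```

The private key entry is rendered the same way; keeping mode `000400` and `owner: root` as in the sample configuration limits who can read it on the instance.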

Source: https://habr.com/ru/post/1207840/

