I recently came across a need to secure an AWS Elastic Beanstalk site for a product we developed. After searching online and in the AWS documentation, it seems all the resources/solutions available do this via the command line. Being lazy, and for a challenge, I decided to try out a different approach: doing it graphically via a GUI tool and the AWS web console.

To start with, download XCA, a graphical tool that provides a nice GUI over openssl. Then run through the normal process (basically from one tab to the next in this program):
1. Click on “new key” to generate your private key
2. On the “Certificate signing requests” tab, click on “new request” to generate the CSR (of course, fill out the usual information)
3. Export the CSR and get it signed by your CA provider
4. Import the signed certificate back into XCA, along with your CA’s signing certificates, under the “Certificates” tab
5. Now export your private key and certificate chain as PEM format files. We are going to need them later

To install your signed certificates, follow these steps:
1. Log in to AWS EC2 console: https://console.aws.amazon.com/ec2
2. From “Load Balancers”, find the instance for your Beanstalk site and select it
3. From the detail tabs, select the “Listeners” tab, then click on the Edit button
4. Create a new HTTPS listener if it has not been created yet, then click on “Change” under SSL Certificate
5. Choose “Upload a new SSL Certificate”, then fill out the information from your exported certificate (open your PEM file in a text editor, then copy and paste the content into this form)
6. Click on the “Save” button. If you have done it right, this should upload the SSL certificate to AWS and create the HTTPS listener for you
7. You might also want to double-check, under your security tab, whether the security group in use has an inbound rule set up for HTTPS as well
8. Now switch from the AWS EC2 console to the Elastic Beanstalk management console, then select your Beanstalk instance configuration
9. Under Network Tier, select to configure your Load Balancer
10. Choose HTTPS, 443 and the uploaded SSL certificate, then save and wait for it to take effect
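
Before pasting the exported PEM content into the upload form, it helps to confirm what each block actually is. The following is an added example, not part of the original post: it splits an exported bundle into private key, server certificate and chain, and flags a truncated copy or a passphrase-protected key, which the upload will not accept. The function names, the field names and the "server certificate first" ordering are assumptions, and the sample blocks are constructed placeholders rather than real key material.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def split_bundle(text):
    """Sort the PEM blocks of an exported bundle into the form's fields."""
    fields = {"private_key": None, "certificate": None, "chain": []}
    problems = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        headers = [ln for ln in lines if ":" in ln]   # legacy "Proc-Type:" etc.
        payload = "".join(ln for ln in lines if ":" not in ln)
        try:
            base64.b64decode(payload, validate=True)
        except binascii.Error:
            problems.append(f"{label}: body is not valid base64 (truncated copy?)")
            continue
        block = "\n".join([f"-----BEGIN {label}-----", *lines,
                           f"-----END {label}-----"]) + "\n"
        if label.endswith("PRIVATE KEY"):
            if label.startswith("ENCRYPTED") or any("ENCRYPTED" in h for h in headers):
                problems.append("private key is passphrase-protected; export it unencrypted")
            else:
                fields["private_key"] = block
        elif label == "CERTIFICATE":
            # Assumption: the export lists the server certificate first.
            if fields["certificate"] is None:
                fields["certificate"] = block
            else:
                fields["chain"].append(block)
        else:
            problems.append(f"unexpected PEM block: {label}")
    for name in ("private_key", "certificate"):
        if fields[name] is None:
            problems.append(f"no usable {name.replace('_', ' ')} found")
    return fields, problems

def fake_pem(label, data):
    """Build a constructed placeholder block; not real key material."""
    b64 = base64.b64encode(data).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

SAMPLE = (fake_pem("CERTIFICATE", b"constructed server cert")
          + fake_pem("CERTIFICATE", b"constructed intermediate CA")
          + fake_pem("RSA PRIVATE KEY", b"constructed key"))
```

Call `split_bundle()` on the text of your own exported file and paste each returned field only when the problems list comes back empty; avoid printing or logging the private key field.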

You might also want to disable HTTP access once HTTPS access has been verified.

That is all you need to do to set this up without running a single command from openssl or the AWS command-line tool!