Posted over 10 years ago.

Change / Update SSL certificate for Amazon Elastic Load Balancer

There is a new card about how to do this with the new AWS Command Line Interface.


First, you need the IAM CLI Tools archive.

On Ubuntu you can easily install it with sudo apt-get install iamcli.

Otherwise, you can install it manually:

  • download and unzip the IAM CLI Tools archive
  • set this environment variable before you use the IAMCli tools: export AWS_IAM_HOME=/home/foobar/Downloads/IAMCli-1.2.0/ (version may vary)

After installing the IAMCli tools, create a credential file (e.g. aws-credential.txt) like this:

AWSAccessKeyId=AWS access ID
AWSSecretKey=AWS secret key

According to Amazon, the following data must be provided:

You can either use the AWS Accounts access keys and they can be found at http://aws.amazon.com under Account->Security Credentials or you can use the access keys of a user created with IA
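A pre-flight check for the credential file described above, as an added example that is not part of the original card: it verifies that each of the two keys sits on its own line with a usable value and that only the file's owner can read it. The function name check_credential_file and the owner-only permission rule are assumptions of this example, not requirements stated by the IAM CLI tools.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the file passed via --aws-credential-file.
# The function name and the rules it enforces are illustrative assumptions.

# Prints each problem to stderr; returns 0 only if the file is acceptable.
check_credential_file() {
    local file=$1 problems=0 key count value perms

    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "$file: not a regular file" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group/other permission bits.
    perms=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file: accessible by group/others, run: chmod 600 $file" >&2
        problems=1
    fi

    for key in AWSAccessKeyId AWSSecretKey; do
        # Each key must start its own line and appear exactly once.
        count=$(grep -c "^${key}=" -- "$file" || true)
        if [ "$count" -ne 1 ]; then
            echo "$file: expected exactly one ${key}= line, found $count" >&2
            problems=1
            continue
        fi
        value=$(grep "^${key}=" -- "$file" | cut -d= -f2- | tr -d '\r')
        # Reject empty values and values with whitespace, e.g. the template
        # text "AWS access ID" or both keys pasted onto a single line.
        case $value in
            ''|*[[:space:]]*)
                echo "$file: ${key} is empty or contains whitespace" >&2
                problems=1 ;;
        esac
    done
    return "$problems"
}

# When run as a script with a path argument, check that file.
if [ $# -gt 0 ]; then
    check_credential_file "$1"
fi
```

The check never prints the key values themselves, so its output is safe to keep in deployment logs.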

Now you can try to list your available certificates:

Open a terminal (if you don't have one open yet) and set the JAVA_HOME environment variable: export JAVA_HOME=/usr

iam-servercertlistbypath --aws-credential-file ./aws-credential.txt

If you've installed it manually, you have to give the full path:

/home/foobar/Downloads/IAMCli-1.2.0/bin/iam-servercertlistbypath --aws-credential-file ./aws-credential.txt

The output should look something like this:

arn:aws:iam::322191361670:server-certificate/www.example.com
arn:aws:iam::322191361670:server-certificate/testCert

Now you have to upload the new certificate:

(If you don't have a CA bundle, you can omit the -c www.example.com.ca-bundle.)

iam-servercertupload --aws-credential-file ./aws-credential.txt -b www.example.com.crt -k www.example.com.key -c www.example.com.ca-bundle -s www.example.com-2011 -v

The output should look like this. It includes the server certificate's Amazon Resource Name (ARN) and GUID:

arn:aws:iam::322191361670:server-certificate/www.example.com-2011
ASCACexampleKEZUQ4K

If you get an error message similar to "A client error (MalformedCertificate) occurred: Invalid Private Key.", please look at this card to see how to fix it.

Before you can activate your uploaded certificate, you need to install the ElasticLoadBalancing Tools.

At the moment there is no Ubuntu package available, so you have to do this manually.

export AWS_ELB_HOME=/home/foobar/Downloads/ElasticLoadBalancing-1.0.14.3

Now you can activate your certificate:

You need the name of your Elastic Load Balancer, the region and the certificate's ARN:

/home/foobar/Downloads/ElasticLoadBalancing-1.0.14.3/bin/elb-set-lb-listener-ssl-cert lb-name --aws-credential-file ./aws-credential.txt --region eu-west-1 --lb-port 443 --cert-id arn:aws:iam::322191361670:server-certificate/www.example.com-2011

Owner of this card:

Kim Jahn
Last edit:
over 8 years ago
Posted by Kim Jahn to makandra dev