@jackfiallos
Last active July 30, 2024 14:20
Import SSL Comodo cert to AWS Certificate Manager

Install your Comodo Certificates to Amazon AWS

Comodo, the leading Internet Security Provider, offers free antivirus, SSL certificates and other Internet security products with complete protection. In this post I will walk you through the setup of SSL in Amazon CloudFront (the process is common to all Amazon services).

AWS requires all your certificates to be in PEM format. There are two main ways of encoding a certificate:

DER: a binary encoding of a certificate. These files typically use the extension .crt or .cert.

PEM: a Base64 encoding of a certificate represented in ASCII, so it is readable as a block of text. This is very useful because you can open it in a text editor and work with the data more easily. Comodo certificates are delivered in DER format (.crt), so we need to convert them to PEM.

Certificates Setup

Convert crt to PEM

Amazon AWS needs:

  • Your issued certificate
  • Your private key
  • The CAChain certificate, which includes all intermediate and root CA certificates.

Comodo sends you 4 certificates:

  • AddTrustExternalCARoot.crt
  • <your_issued_certificate_name>.crt: for instance cdn_guillaumemaka_com.crt in my case.
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt

First, cd to the folder containing all your certificates:

$ cd /path/to/certificates/folder
$ mkdir pem

Then convert all certificates:

openssl x509 -in ./AddTrustExternalCARoot.crt -outform pem -out ./pem/AddTrustExternalCARoot.pem
openssl x509 -in ./COMODORSAAddTrustCA.crt -outform pem -out ./pem/COMODORSAAddTrustCA.pem
openssl x509 -in ./COMODORSADomainValidationSecureServerCA.crt -outform pem -out ./pem/COMODORSADomainValidationSecureServerCA.pem
openssl x509 -in ./cdn_guillaumemaka_com.crt -outform pem -out ./pem/cdn_guillaumemaka_com.pem

x509: The x509 command is a multi-purpose certificate utility. It can be used to display certificate information, convert certificates to various forms, sign certificate requests like a "mini CA" or edit certificate trust settings.

  • -in filename: This specifies the input filename to read a certificate from, or standard input if this option is not specified.
  • -outform PEM: This specifies the output format. In this case PEM.
  • -out filename: This specifies the output filename to write to, or standard output by default.

Convert the private key:

openssl rsa -in ./private.key -outform PEM -out ./pem/private.key.pem

rsa: The rsa command processes RSA keys.

Create a CAChain

$ cat ./pem/COMODORSADomainValidationSecureServerCA.pem > ./pem/CAChain.pem
$ cat ./pem/COMODORSAAddTrustCA.pem >> ./pem/CAChain.pem
$ cat ./pem/AddTrustExternalCARoot.pem >> ./pem/CAChain.pem

Warning: You must construct the CAChain in descending order. Z->A

Now you should have a folder structure like this:

├── AddTrustExternalCARoot.crt
├── COMODORSAAddTrustCA.crt
├── COMODORSADomainValidationSecureServerCA.crt
├── cdn_guillaumemaka_com.crt
├── private.key
└── pem
    ├── AddTrustExternalCARoot.pem
    ├── CAChain.pem
    ├── COMODORSAAddTrustCA.pem
    ├── COMODORSADomainValidationSecureServerCA.pem
    ├── cdn_guillaumemaka_com.pem
    └── private.key.pem
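
Before uploading, two things are worth checking on these files: that the private key belongs to the issued certificate, and that CAChain.pem really is in the order built above. The script below is an added example, not part of the original post; the script name precheck.sh is hypothetical, and it assumes openssl, awk and mktemp are available.

```bash
#!/bin/sh
# Added example (not from the original post): checks to run on the PEM files
# before uploading. The script name precheck.sh is hypothetical.
# Usage: sh precheck.sh <issued_cert.pem> <private.key.pem> <CAChain.pem>

# True when the private key belongs to the certificate (same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# True when the first certificate in the bundle issued the leaf and every
# following certificate issued the one before it (the order built above).
chain_in_order() {
    leaf=$1
    bundle=$2
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate, keeping file order.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/" n ".pem") }' "$bundle"
    rc=0
    [ -f "$tmp/1.pem" ] || rc=1    # no certificate found in the bundle
    want=$(openssl x509 -in "$leaf" -noout -issuer_hash) || rc=2
    i=1
    while [ "$rc" -eq 0 ] && [ -f "$tmp/$i.pem" ]; do
        have=$(openssl x509 -in "$tmp/$i.pem" -noout -subject_hash) || rc=2
        if [ "$have" != "$want" ]; then
            echo "certificate $i in $bundle is out of order" >&2
            rc=1
        fi
        # The next certificate in the file must be this one's issuer.
        want=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer_hash) || rc=2
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

if [ "$#" -eq 3 ]; then
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; exit 1; }
    chain_in_order "$1" "$3" || exit 1
    echo "certificate, key and chain are consistent"
fi
```

The chain check compares issuer and subject names only; it does not verify signatures or expiry dates.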

Upload

aws iam upload-server-certificate \
  --server-certificate-name CDNServerCertificate \
  --certificate-body file://pem/cdn_guillaumemaka_com.pem \
  --private-key file://pem/private.key.pem \
  --certificate-chain file://pem/CAChain.pem \
  --path /cloudfront/production/

Source taken from: https://guillaumemaka.com/2015/05/06/install-your-comodo-certificates-to-amazon-aws.html
