@vpack
Last active August 29, 2015 14:16
AWS SSL Cert Upload

Uploading Renewed SSL Certs to AWS:

  • Download the SSL cert from the service provider.
  • Note down the ELBs that are using that certificate. More often I see there are many ELBs that use the same cert.
  • Update and run the script.
  • Log in to the AWS console and reattach the new cert to the ELB.
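
```sh
#!/bin/sh
# AWS CLI profile options; left unquoted below so they split into separate arguments.
act="--profile dmz"
#aws $act iam list-server-certificates | grep projectDarvin

# updateCert NAME CERT_FILE KEY_FILE: upload a certificate and its private key to IAM.
updateCert(){
  aws $act iam upload-server-certificate --server-certificate-name "$1" --certificate-body "file://$2" --private-key "file://$3"
}

# deleteCert NAME: delete a server certificate from IAM.
deleteCert(){
  aws $act iam delete-server-certificate --server-certificate-name "$1"
}

deleteCert "darwin-test"
#updateCert cloudwiki cloudwiki.merck.com.crt cloudwiki.merck.com.key

cert='darwin-test.mycorp.com'
# Enter passcode when prompted. The key is written to $cert.key without a
# passphrase, so keep that file private and remove it after the upload.
openssl rsa -in "$cert.pem" -out "$cert.key"
cp "$cert.pem" "$cert.crt"
# Remove private key and keep just the certificate
vi "$cert.crt"
updateCert "darwin-test" "$cert.crt" "$cert.key"
```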
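
A pre-upload check for the files the script above produces, as an added example that is not part of the original gist: it confirms that the `.crt` no longer contains a private key after the manual edit, that the certificate is not about to expire, and that the key belongs to the certificate. The function names, exit codes and the 24-hour expiry margin are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original gist. Function names are hypothetical.

# has_private_key FILE: succeeds if FILE contains any PEM private-key block.
has_private_key() {
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# key_matches_cert CERT_FILE KEY_FILE: succeeds if both carry the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# preflight CERT_FILE KEY_FILE
# Returns 0 when ready to upload, 1 if the certificate file still holds a
# private key, 2 if it is unreadable or expires within 24 hours, 3 if the
# key does not belong to the certificate.
preflight() {
    if has_private_key "$1"; then
        echo "FAIL: $1 still contains a private key" >&2
        return 1
    fi
    if ! openssl x509 -in "$1" -noout -checkend 86400 >/dev/null 2>&1; then
        echo "FAIL: $1 is unreadable or expires within 24 hours" >&2
        return 2
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "FAIL: $2 does not match $1" >&2
        return 3
    fi
    echo "OK: $1 and $2 are ready for upload"
}

# Stand-alone use: sh preflight.sh darwin-test.mycorp.com.crt darwin-test.mycorp.com.key
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Run it between the `vi` step and `updateCert`, and stop if it returns non-zero.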

```sh
#!/bin/sh
# AWS CLI profile and region options; left unquoted below so they split into separate arguments.
act="--profile dmz --region us-east-1"
# Print field 6 of each load balancer description line that mentions darwin-test.
aws $act elb describe-load-balancers --output text | grep ^LOADBALANCERDESCRIPTIONS | grep "darwin-test" | cut -f6

# updateELBCert ELB_NAME PORT CERT_ARN: point the listener on PORT at the certificate.
updateELBCert(){
  aws $act elb set-load-balancer-listener-ssl-certificate --load-balancer-name "$1" --load-balancer-port "$2" --ssl-certificate-id "$3"
}

cert="arn:aws:iam::06883532423:server-certificate/darwin-test"
updateELBCert EICC-WebAPI-TST-Gateway-External 443 "$cert"
updateELBCert EICC-WebAPI-TST-Gateway-Internal 443 "$cert"
updateELBCert EICC-WebAPI-TST-Portal-External 443 "$cert"
updateELBCert EICC-WebAPI-TST-Manager-Internal 443 "$cert"
updateELBCert EICC-WebAPI-TST-Manager-Internal 8443 "$cert"
```