Wondering how to install SSL/TLS certificate on EC2 Windows instance? We can help you.
Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.
Today, let us see how our Support techs assist with this installation.
How to install SSL/TLS certificate on EC2 Windows instance?
If you’re using Elastic Load Balancing, you can use an Amazon-provided certificate from AWS Certificate Manager (ASM).
Today, let us see the steps followed by our Support Techs in installation.
There are three steps to install an SSL/TLS certificate on your EC2 Windows instance:
1.Firstly, create a Certificate Signing Request (CSR) and request your SSL certificate.
2.Then, install your SSL certificate.
3.Finally, assign the SSL certificate to your IIS deployment.
Step 1: Create a CSR and request your SSL Certificate
1.Firstly, open the IIS Manager by selecting Start, Control Panel, Administrative Tools, Internet Information Services (IIS) Manager.
2.Select Connections, and then select the name of the server where you’re installing the certificate.
3.In the IIS section of the home page, select Server Certificates.
4.On the Server Certificates console, select Actions, and then select Create Certificate Request. The Request Certificate wizard opens.
5.Then, enter the following values in the Request Certificate wizard:
- Common name: Enter the fully qualified domain name (FQDN) of the domain (for example, www.example.com).
- Organization: Enter your company’s name.
- Organizational unit: Optionally, enter name of the department within your organization. This might be Sales, Marketing, IT, and so on.
- City/locality: Enter the city where the company is legally located.
- State/province: Enter the state or province where the company is legally located.
- Country: Enter the country where the company is legally located.
6.Cryptographic Service Provider Properties, enter the information following:
- Cryptographic service provider: Select Microsoft RSA Channel Cryptographic Provider. You can select other options, if needed.
- Bit length: Use 2048, which is the current open standard, unless a higher value is required.
7.Select Browse next to the Specify a file name for the certificate request field to browse to the location where you want to save your CSR.
Please note iff you don’t select a location, the file saves to C:\windows\system32.
8.Then, select Next.
10.Use a text editor to copy the text from the created file. The following is an example of the text:
-----BEGIN NEW CERTIFICATE REQUEST----- <examplekey> -----END NEW CERTIFICATE REQUEST-----
11.Send this value, including the first and last lines, to your chosen certificate provider so that they can issue the certificate.
When the certificate is available, move to Step 2: Install your SSL certificate.
Step 2: Install your SSL Certificate
1.Firstly, save the certificate file issued by the chosen provider to the server where you created the Certificate Signing Request (CSR).
2.Open the IIS Manager by selecting Start, Control Panel, Administrative Tools, Internet Information Services (IIS) Manager.
3.Select Connections, and then select the name of the server where you’re installing the certificate.
4.In the IIS section, select Server Certificates.
5.Select Actions, Complete Certificate Request. A wizard launches.
6.For Specify Certificate Authority Response, enter the following information:
- File name containing the certificate authority’s response: Select the certificate (.cer) file.
- Friendly name: Enter a name for you to identify the certificate. For easier identification, consider adding the expiration date and use case.
- Select a certificate store for the new certificate: Select Web Hosting.
Your SSL Certificate is installed on the server and ready for use. Now you must assign it to your site.
Step 3: Assign the SSL Certificate to your IIS deployment
1.Open the IIS Manager by selecting Start, Control Panel, Administrative Tools, Internet Information Services (IIS) Manager.
2.Under Connections, expand the section of the server where you installed the certificate.
3.Expand the Sites section, and then select the site where you want to assign the certificate.
4.On the site’s home page, select Bindings.
5.Then, in the Site Bindings wizard select Add.
6.On the Add Site Binding enter the following information:
- Type: Select HTTPS.
- IP Address: Select the IP Address of the site or select All Unassigned.
- Port: Enter 443. Port 443 is the port used by HTTPS for SSL secured traffic.
- SSL Certificate: Select the SSL Certificate for this site (for example, example.com).
Now the SSL Certificate is assigned to this specific site for use with HTTPS.
How to modify an existing SSL certificate assigned to a site?
You might have to modify an existing SSL certificate if you’ve changed providers, have an expired certificate, and so on.
To modify a certificate assigned to a site, do the following:
1.Firstly, follow the steps in Step 1: Create a CSR and request your SSL Certificate.
2.Follow the steps in Step 2: Install your SSL Certificate.
3.Follow steps 1 through 4 in the Step 3: Assign the SSL certificate to your IIS deployment.
4.In the Site Bindings wizard, find the HTTPS binding, select it, and then choose Edit.
5.Select the new certificate from the SSL Certificate drop-down list, and then select Ok.
[Need help with the process? We’d be happy to assist]
In short, we saw how our Support Techs install SSL/TLS certificate on EC2 Windows instance