Add Godaddy SSL to AWS EC2 instance - ssl

I have Godaddy Domain Pointed to AWS EC2 instance and also I have Purchased SSL from GoDaddy. I need to enable HTTPS for my side now. My I have Ubuntu instance with Apache installed.
Thanks

You need to generate csr file first on ec2, after validation, download the certificates. Afterwards enable ssl on apache2 in the config file. You can follow this tutorial on digital ocean for detailed explantaion

Please generate your CSR first, you can ask support team to generate it for you
Enroll your CSR on Godaddy SSL portal
Then, you can install your .cer on the server.
If you are not too sure, you can ask help from support team

Related

Provide SSL certificate for internal Website

I have a website in my local network and the website is not ssl secured.
Many clients can not reach the website because of
"ERR_SSL_VERSION_OR_CIPHER_MISMATCH"
Is there any way to secure websites in a local network with ssl? I am using an Active Directory Server in my network.
There are also a lot of local Websites on a vmware that are not secured. I would like to secure them easily.
• I would suggest you to please install ADCS (Active Directory Certificate Services) role in your Active Directory and create a self-signed SSL certificate through it for your internal use. Since, Active Directory is a trusted public key authentication infrastructure provider, the concerned role installed on it for the said purpose does not need certificates from globally trusted CA (certification authority) and can be thus, used locally. For the time being, if you want to create a self-signed SSL certificate on the concerned server, you will have to install ‘Web Server (IIS)’ role and then open the ‘IIS manager’ console from where you can generate the SSL self-signed certificate and bind the same to the website on that server itself. For this process, kindly refer to the link below which explains in detail the steps to be followed for generating a self-signed certificate and binding it to a website: -
https://www.thewindowsclub.com/create-self-signed-ssl-certificates-in-windows-10
Please note that the above stated process is for that server on which the website is hosted locally. Thus, the self-signed certificate generated will not be useful on other servers in your environment.
• To generate an SSL certificate for a web service/website that is hosted on a cluster of servers configured for the same purpose/website, then you will have to configure an SSL certificate template from a root CA, in your case, an AD server installed with ADCS role will serve as a root CA in your domain environment. Then assign that template to the CA (AD server in your case) for it to authorize the issuing of the configured SSL template to the concerned server where the website for which this SSL certificate is to be installed is hosted. For more detailed information regarding this, please refer to the documentation link below: -
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn781428(v=ws.11)#obtain-an-ssl-certificate-from-ad-cs
Please note that the above link states the issuing of the SSL certificate for an ADFS Server. You will need to change the Subject Name of the issued certificate to that website for which you are issuing this certificate.

How To Get SSL Working with Elastic Beanstalk, Route53 and Cloudflare

I am struggling to get SSL to work on an elastic beanstalk environment with the following configuration:
I have the domain hosted with GoDaddy, which I have routing through cloudflare, which then routes to Route53 with an A record pointing to my subdomain api.myapp.com (which points to my EB environment).
I am using Cloudflare's full E2E encryption, and am using the SSL certificate provided by cloudflare.
In my EB environment, I am using a Classic Load Balancer and have the following configuration (note: my application uses websockets hence the TCP port):
I've added the SSL certificate to the HTTPS configuration but when I navigate to api.myapp.com I am still getting the "your connection is not secure" in the browser.
Does anyone have any suggestions on how to resolve the issue?
The free ssl from zerossl.com works. After the validation and others stuffs at the end you will get three files.
Using AWS Console
Download the zip files containing certificate, chain and private. Goto AWS certificate manager -> import certificate -> add all the details -> review and import the certificate.
Using AWS CLI, which will output the certificate identifier
aws iam upload-server-certificate --server-certificate-name ish --certificate-body file://certificate.crt --certificate-chain file://ca_bundle.crt --private-key file://private.key
Goto AWS Console load balancer and select 443 HTTPs the recent certificate will be available which can be identified by an identifier provided on both the above cases. Apply changes and restart the env. The new certificate will be available.
Turns out that AWS doesn't allow the use of SSL certificates purchased from cloudflare anymore, so I solved it by provisioning one with CA on AWS.

Subdomain & Pricing of Google-managed SSL certificate in Load Balancing

Can anyone help me with the pricing and support for Subdomain for Google-managed SSL certificate in Load Balancing.
I am working with https for Static website.
https://medium.com/#marco_37432/create-a-custom-domain-cdn-with-google-beta-7ad9531dfbae
I want to create a Subdomain with admin.example.com to link Google-managed SSL certificate in Load Balancing
But with Google docs I can see "Its not supporting wildcard common names or multiple subject alternate names" I cant understand, Can any one explain me and can I use create admin.example.com to link Google-managed SSL certificate.
With pricing I can see its free in https://geekflare.com/google-managed-certificate-lb/ Can I find them google Document to confirm.
Google Cloud Managed SSL Certificates are free.
You can only use Google Managed SSL Certificates with Google services such as load balancers. You cannot use them on services you control. Google does not make the certificate private key available.
Google services such as load balancers support more than one SSL certificate. Each Google managed certificate can only have one verified domain name. This can be a subdomain of a root domain you own/control. Wildcards are not supported.
If any of the above limitations affect you, then you will need to select self-managed certificates. You can easily create your own Let's Encrypt SSL certificates with Cloud Shell.
Example commands to run on Cloud Shell:
wget https://dl.eff.org/certbot-auto
chmod +x certbot-auto
./certbot-auto certonly --manual --preferred-challenges dns -d 'example.com' -d '*.example.com'
I wrote an article that covers this in detail here.
As of today (2020-01-28) Google supports multiple domains in a single certificate (in beta):
Cloud Load Balancing – multiple domain support for Google-managed SSL
certificates: beta
https://cloud.google.com/load-balancing/docs/ssl-certificates
https://cloud.google.com/load-balancing/docs/quotas#ssl_certificates

http to https in EC2 apache2 in AWS

I'm trying to have https for a website which is hosted in AWS EC2. I have followed the steps mention in the following link.
https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04
But still its showing the privacy thing to all user who are visiting the website. How can make the certificate as trusted or how long it will take Amazon to make it a trusted one.
Please help me to solve this. I'm stuck with this for last 2 days. Answers will be appreciated and Thank you.
You can use AWS Certificate Manager to issue free SSL certificate signed by AWS Certificate Authority. However for this to work, you need to use a Load Balancer and attach the certificate to the Load Balancer which will forward the traffic to the EC2 instance.
Depending on your requirements you may wish to use SSL termination on an Elastic Load Balancer (ELB) instead.
This involves creating a free AWS certificate and an ELB. Attach both your instance the certificate to the ELB with HTTPS forwarded to port 80 on your instance.
Then just point your DNS name to the ELB. If you're using Route53 then you can just use an A-record alias.
Edit: If you want to automatically direct HTTP to HTTPS you'll need to check the X-Forwarded-Proto header in Apache's .htaccess file. More information here.
The certificate which you are using is a "Self Signed Certificate (https://en.wikipedia.org/wiki/Self-signed_certificate)".
In order to get rid of insecure certificate or privacy issues on HTTPS, you need to get your CSR signed from a trusted CA like Comodo, Godaddy etc.
Ref -
https://in.godaddy.com/help/apache-generate-csr-certificate-signing-request-5269
https://help.comodo.com/topic-437-1-843-10843-.html
OR
In case you want free verified SSL certificates, "letsencrypt" is the way to go.
https://letsencrypt.org/
You don't need to pay anyone for a certificate. Just use LetsEncrypt and their CertBot ACME client. The CertBot automates the task of issuing and renewing certificates.
LetsEncrypt is the leading free SSL certificate authority (CA) and their certs are as good as any paid cert.

Transfer SSL certificates from GoDaddy to AWS (EC2-APACHE)

i want to transfer my GoDaddy website hosting to EC2 apache. But i do have a confusion that how do i transfer SSL certificates from GoDaddy to EC2 apache.
Do i need to export certificates from GoDaddy?
How to i install those certificates on apache, including priavte key?
Thanks,
Saqib
There is no such thing as transfer SSL certificates when it comes to Apache.
You need to configure Apache server with SSL.
You can refer to the below blog post on how to do so:
https://www.digicert.com/ssl-certificate-installation-apache.htm