Monday, September 30, 2013

Free Verisign Certificate for Amazon EC2 instance

How to get a free signed certificate from Verisign to set up HTTPS on an Amazon EC2 instance

1. Install openssl in your environment
2. Create an RSA key
>openssl genrsa -out test-xxx.elasticbeanstalk.com.key 2048
Loading 'screen' into random state - done
Generating RSA private key, 2048 bit long modulus
..........................................................+++
.........................+++
e is 65537 (0x10001)

The generated file should look like this:

-----BEGIN RSA PRIVATE KEY-----
Mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END RSA PRIVATE KEY-----

3. Create a certificate signing request (CSR) with the generated RSA private key
>openssl req -new -key test-xxx.elasticbeanstalk.com.key -out test-gatekeeper-api-v1.elasticbeanstalk.com.csr
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Some-State]:Vic
Locality Name (eg, city) []:Melbourne
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyFreeTestCompany
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:Suraj
Email Address []:scsbatu@yahoo.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:test1234
An optional company name []:

4. Verify the CSR
>openssl req -noout -text -in test-gatekeeper-api-v1.elasticbeanstalk.com.csr
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=AU, ST=Vic, L=Melbourne, O=MyFreeTestCompany, OU=IT, CN=Suraj/emailAddress=scsbatu@yahoo.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
Attributes:
challengePassword        :unable to print attribute
Signature Algorithm: sha1WithRSAEncryption

6. Symantec will email you the trial certificate
7. How to install on EC2 load balancer
Go to the EC2 instance and select the correct load balancer
Select Listeners
Add a new HTTPS load balancer listener (or edit the existing one) and add the certificate in the SSL Certificate column
Select Upload a new SSL Certificate, fill in the Certificate Name, Private Key and Public Key Certificate, and save it
Done
8. Now you should be able to access your site over https:// without any issue
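
As an added example (not part of the original post), the shell function below automates the checks worth making on the step 4 output before the CSR is submitted: the CSR matches the private key from step 2, the Common Name is the hostname the site is served on, the RSA key is at least 2048 bits, and the request is not signed with SHA-1 or MD5. The names check_csr and make_csr are hypothetical helpers, and the keys and CSRs in the demo are throwaway constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post: checks to run on a CSR before
# submitting it. check_csr KEY CSR HOSTNAME returns 0 only if every check passes.
check_csr() {
    key=$1; csr=$2; host=$3; rc=0
    # Same command as step 4; the checks below parse its output.
    text=$(openssl req -noout -text -in "$csr" 2>/dev/null) || {
        echo "FAIL: $csr is not a readable CSR"; return 1; }
    # 1. The CSR must contain the public half of the key you will upload.
    csr_pub=$(openssl req -noout -pubkey -in "$csr" 2>/dev/null) || csr_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$key_pub" ] || [ "$csr_pub" != "$key_pub" ]; then
        echo "FAIL: CSR was not generated from $key"; rc=1
    fi
    # 2. The Common Name must be the hostname clients connect to.
    cn=$(printf '%s\n' "$text" | sed -n 's/.*Subject:.*CN *= *\([^,/]*\).*/\1/p')
    if [ "$cn" != "$host" ]; then
        echo "FAIL: Common Name is '$cn', expected '$host'"; rc=1
    fi
    # 3. The key (RSA, as on this page) must be at least 2048 bits.
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "FAIL: key is ${bits:-unknown} bits, need 2048 or more"; rc=1
    fi
    # 4. The request must not be signed with SHA-1 or MD5.
    alg=$(printf '%s\n' "$text" | sed -n 's/.*Signature Algorithm: *//p' | head -n 1)
    case $alg in
        *sha1*|*SHA1*|*md5*) echo "FAIL: weak signature algorithm $alg"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: CN=$cn, $bits-bit key, $alg"
    return "$rc"
}

# Constructed sample input: throwaway key DIR/NAME.key and CSR DIR/NAME.csr.
make_csr() {  # make_csr DIR NAME COMMON_NAME
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -new -sha256 -key "$1/$2.key" -out "$1/$2.csr" \
        -subj "/C=AU/ST=Vic/O=MyFreeTestCompany/CN=$3" 2>/dev/null
}

# Demo: one CSR named for the site, one with a person's name as Common Name.
d=$(mktemp -d); site=test-xxx.elasticbeanstalk.com
make_csr "$d" good "$site"
make_csr "$d" named Suraj
check_csr "$d/good.key" "$d/good.csr" "$site" || true    # passes
check_csr "$d/named.key" "$d/named.csr" "$site" || true  # fails check 2
rm -rf "$d"
```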