Install SSL certificates on AWS EC2 (Amazon Linux AMI) using "RapidSSL"

Samir Dixit

The following steps install an SSL certificate on an AWS EC2 (Amazon Linux AMI) instance running a LAMP server.

  1. Install mod_ssl on your EC2 instance.

    • sudo yum install -y mod24_ssl
  2. Get SSL certificates for your domain from RapidSSL

    • Once you purchase the certificate, you will need to submit a request to generate the certificates, using a CSR generated on your server.

    • To generate the CSR, SSH onto your server and execute the following command:

        openssl req -new -newkey rsa:4096 -nodes -keyout private.key -out certificate.csr
      
      • You will be asked to enter information about your website, e.g.:

          Country Name (2 letter code) [XX]: IN 
          State or Province Name (full name) []: Chandigarh 
          Locality Name (eg, city) [Default City]: Chandigarh 
          Organization Name (eg, company) [Default Company Ltd]: XYZ Pvt Ltd 
          Organizational Unit Name (eg, section) []: BLOG 
          Common Name (eg, your name or your server's hostname) []: mydomain.com 
          Email Address []: admin@mydomain.com
        
    • After the request is submitted successfully, you will get a link to download the certificates:

      • Select "Apache" in the "Server Platform" field

  3. Upload the certificate files to the following locations on your EC2 instance:

    • /etc/pki/tls/private/private.key

      • The private.key file is the one created in step 2.b above.
    • /etc/pki/tls/certs/certificate.crt

      • You will get this file in step 2.c above.

      • It will be named something like {some random string}_your_domain_name.crt; rename it to certificate.crt.

    • /etc/pki/tls/certs/DigiCertCA.crt

      • You will get this file in step 2.c above.

      • It will be named something like {some random string}_DigiCertCA.crt; rename it to DigiCertCA.crt.

  4. Edit the /etc/httpd/conf.d/ssl.conf file to use the above paths:

        SSLCertificateFile /etc/pki/tls/certs/certificate.crt
        SSLCertificateKeyFile /etc/pki/tls/private/private.key
        SSLCertificateChainFile /etc/pki/tls/certs/DigiCertCA.crt

Make sure that HTTPS traffic is allowed on your server.

For more details check https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-ami.html

Note:

Sometimes you might also have to add a chain certificate.

In that case, visit https://whatsmychaincert.com and test whether your server is using the correct chain certificate.

If not, you can get the chain certificate from RapidSSL and upload it to /etc/pki/tls/certs/server-chain.crt.

Make sure to edit /etc/httpd/conf.d/ssl.conf to use the appropriate path of the chain certificate.
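
A pre-flight check for the files placed in steps 3 and 4 and for the chain certificate mentioned in the note, to run before restarting httpd. This is an added example, not part of the original post; the function name `check_tls_bundle`, its return codes and the script name `check_tls_bundle.sh` are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example: verify key, certificate and intermediate before restarting httpd.
# Return codes (chosen for this example): 0 ok, 1 unreadable file,
# 2 key/certificate mismatch, 3 chain does not verify, 4 key too permissive.
check_tls_bundle() {
    local key=$1 cert=$2 chain=$3 f key_pub cert_pub perms

    for f in "$key" "$cert" "$chain"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 1; }
    done

    # The certificate must carry the public half of this private key;
    # a mismatch means the wrong key or certificate file was uploaded.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2; return 2
    fi

    # The intermediate must be the issuer of the server certificate.
    # -partial_chain lets the intermediate act as trust anchor for this check.
    if ! openssl verify -partial_chain -CAfile "$chain" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert is not issued by $chain" >&2; return 3
    fi

    # The key was generated with -nodes (unencrypted), so file permissions
    # are its only protection: no access for group or other.
    perms=$(stat -Lc '%a' "$key")
    case "$perms" in
        *00|0) ;;
        *) echo "FAIL: $key has mode $perms, expected 600 or stricter" >&2; return 4 ;;
    esac

    echo "OK: key, certificate and chain are consistent"
}

# Runs against the paths from ssl.conf when called with three arguments, e.g.
#   sudo ./check_tls_bundle.sh /etc/pki/tls/private/private.key \
#        /etc/pki/tls/certs/certificate.crt /etc/pki/tls/certs/DigiCertCA.crt
if [ "$#" -eq 3 ]; then check_tls_bundle "$@"; fi
```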
