Solved

Where are AWS Certificate Manager SSL's Stored in Centos?

Posted on 2016-10-13
2
59 Views
Last Modified: 2016-10-13
I have a socket.io setup that sends requests over SSL.

I need to locate the .key and .crt file on my aws ec2 instance.

I see in /etc/ssl/certs/ there are two files:
ca-bundle.crt and ca-bundle.trust.crt

But no .key file.  Where can I find this in CENTOS?

Reason I need is that I have the ssl installed on the load balancer that is in front of my ec2 instance so the request via socket.io comes in no problem, but the response back out from the ec2 instance right now is not secure and I'm getting a net::ERR_INSECURE_RESPONSE  on the app side.
0
Comment
Question by:N R
2 Comments
 
LVL 12

Accepted Solution

by:
Phil Phillips earned 500 total points
ID: 41842906
The certificates for AWS Certificate Manager can only be used by supported AWS services (currently, ELB and CloudFront).  You can't get the private key files for them.

The easiest solution is to use the ELB for SSL termination.  For the HTTPS listener, you can forward it to instance port 80.  Only instances inside of your VPC will be able to sniff traffic, so this is fairly secure - especially if you have your VPC locked down.

If you absolutely require encryption from the ELB to the instances, then you have to use your own certificate on the instance. If you don't have a valid certificate, you can self-sign it, but it requires some extra steps:
  1. Create ELB policy of type "PublicKeyPolicyType" - associate your public key.
  2. Create an ELB policy of type "BackendServerAuthenticationPolicyType", and associate it with the PublicKeyPolicyType from above.
  3. Associate BackendServerAuthenticationPolicyType with with the ELB.
This post does a good job of outlining that process.
0
 
LVL 11

Author Comment

by:N R
ID: 41843023
Ok so main point I didn't realize is that I don't have the key file from them.

So I bought a single SSL from Godaddy and got the key and crt file I needed for that subdomain, dropped in directory with my socket.io app and works perfectly now.  

Thanks for clarifying!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are thinking of adopting cloud services, or just curious as to what ‘the cloud’ can offer then the leader according to Gartner for Infrastructure as a Service (IaaS) is Amazon Web Services (AWS).  When I started using AWS I was completely new…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Steps to create a PostgreSQL RDS instance in the Amazon cloud. We will cover some of the default settings and show how to connect to the instance once it is up and running.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now