Solved

Where are AWS Certificate Manager SSL's Stored in Centos?

Posted on 2016-10-13
Last Modified: 2016-10-13
I have a socket.io setup that sends requests over SSL.

I need to locate the .key and .crt file on my aws ec2 instance.

I see in /etc/ssl/certs/ there are two files:
ca-bundle.crt and ca-bundle.trust.crt

But no .key file.  Where can I find this in CENTOS?

Reason I need is that I have the ssl installed on the load balancer that is in front of my ec2 instance so the request via socket.io comes in no problem, but the response back out from the ec2 instance right now is not secure and I'm getting a net::ERR_INSECURE_RESPONSE  on the app side.
Question by:N R
2 Comments
 

Accepted Solution

by:
Phil Phillips earned 500 total points
ID: 41842906
The certificates for AWS Certificate Manager can only be used by supported AWS services (currently, ELB and CloudFront).  You can't get the private key files for them.

The easiest solution is to use the ELB for SSL termination.  For the HTTPS listener, you can forward it to instance port 80.  Only instances inside of your VPC will be able to sniff traffic, so this is fairly secure - especially if you have your VPC locked down.

If you absolutely require encryption from the ELB to the instances, then you have to use your own certificate on the instance. If you don't have a valid certificate, you can self-sign it, but it requires some extra steps:
  1. Create ELB policy of type "PublicKeyPolicyType" - associate your public key.
  2. Create an ELB policy of type "BackendServerAuthenticationPolicyType", and associate it with the PublicKeyPolicyType from above.
  3. Associate BackendServerAuthenticationPolicyType with the ELB.
This post does a good job of outlining that process.
0
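The three ELB policy steps listed in the accepted answer, written out as AWS CLI calls. This is an added example, not part of the original answer: the load balancer name, policy names and sample key text are placeholders, and it assumes a Classic Load Balancer with the AWS CLI and openssl available.

```shell
#!/bin/sh
# Added example. Names below are placeholders, not values from the thread.
PUBKEY_POLICY="backend-pubkey-policy"
AUTH_POLICY="backend-auth-policy"

# Constructed sample input (not a real key), used only for the dry run.
SAMPLE_PEM='-----BEGIN PUBLIC KEY-----
QUJDREVG
R0hJSktM
-----END PUBLIC KEY-----'

# PublicKeyPolicyType takes the bare base64 body: drop the PEM armor lines and line breaks.
pubkey_body() {
  grep -v -- '-----' | tr -d ' \r\n'
}

# Print each command; run it for real only when APPLY=1.
emit() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$@"; fi
}

# $1 = load balancer name, $2 = instance port, $3 = base64 public key body
backend_auth_commands() {
  # Step 1: register the instance certificate's public key with the ELB.
  emit aws elb create-load-balancer-policy --load-balancer-name "$1" \
    --policy-name "$PUBKEY_POLICY" --policy-type-name PublicKeyPolicyType \
    --policy-attributes "AttributeName=PublicKey,AttributeValue=$3"
  # Step 2: authentication policy that trusts only that public key.
  emit aws elb create-load-balancer-policy --load-balancer-name "$1" \
    --policy-name "$AUTH_POLICY" --policy-type-name BackendServerAuthenticationPolicyType \
    --policy-attributes "AttributeName=PublicKeyPolicyName,AttributeValue=$PUBKEY_POLICY"
  # Step 3: attach the authentication policy to the back-end instance port.
  emit aws elb set-load-balancer-policies-for-backend-server --load-balancer-name "$1" \
    --instance-port "$2" --policy-names "$AUTH_POLICY"
}

# Usage: script.sh LB_NAME INSTANCE_PORT CERT.pem (no arguments: dry run on the sample)
if [ "$#" -eq 3 ]; then
  key=$(openssl x509 -in "$3" -pubkey -noout | pubkey_body)
  backend_auth_commands "$1" "$2" "$key"
else
  backend_auth_commands my-load-balancer 443 "$(printf '%s\n' "$SAMPLE_PEM" | pubkey_body)"
fi
```

Back-end authentication only takes effect when the listener's instance protocol is HTTPS or SSL; with the policy attached, the ELB refuses instances whose certificate carries a different public key.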
 

Author Comment

by:N R
ID: 41843023
Ok so main point I didn't realize is that I don't have the key file from them.

So I bought a single SSL from Godaddy and got the key and crt file I needed for that subdomain, dropped in directory with my socket.io app and works perfectly now.  

Thanks for clarifying!