Solved

Where are AWS Certificate Manager SSL's Stored in Centos?

Posted on 2016-10-13
2
122 Views
Last Modified: 2016-10-13
I have a socket.io setup that sends requests over SSL.

I need to locate the .key and .crt file on my aws ec2 instance.

I see in /etc/ssl/certs/ there are two files:
ca-bundle.crt and ca-bundle.trust.crt

But no .key file.  Where can I find this in CENTOS?

Reason I need is that I have the ssl installed on the load balancer that is in front of my ec2 instance so the request via socket.io comes in no problem, but the response back out from the ec2 instance right now is not secure and I'm getting a net::ERR_INSECURE_RESPONSE  on the app side.
0
Comment
Question by:Nathan Riley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 14

Accepted Solution

by:
Phil Phillips earned 500 total points
ID: 41842906
The certificates for AWS Certificate Manager can only be used by supported AWS services (currently, ELB and CloudFront).  You can't get the private key files for them.

The easiest solution is to use the ELB for SSL termination.  For the HTTPS listener, you can forward it to instance port 80.  Only instances inside of your VPC will be able to sniff traffic, so this is fairly secure - especially if you have your VPC locked down.

If you absolutely require encryption from the ELB to the instances, then you have to use your own certificate on the instance. If you don't have a valid certificate, you can self-sign it, but it requires some extra steps:
  1. Create ELB policy of type "PublicKeyPolicyType" - associate your public key.
  2. Create an ELB policy of type "BackendServerAuthenticationPolicyType", and associate it with the PublicKeyPolicyType from above.
  3. Associate BackendServerAuthenticationPolicyType with with the ELB.
This post does a good job of outlining that process.
0
 
LVL 11

Author Comment

by:Nathan Riley
ID: 41843023
Ok so main point I didn't realize is that I don't have the key file from them.

So I bought a single SSL from Godaddy and got the key and crt file I needed for that subdomain, dropped in directory with my socket.io app and works perfectly now.  

Thanks for clarifying!
0

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question