  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 158

Where are AWS Certificate Manager SSLs Stored in CentOS?

I have a socket.io setup that sends requests over SSL.

I need to locate the .key and .crt files on my AWS EC2 instance.

I see in /etc/ssl/certs/ there are two files:
ca-bundle.crt and ca-bundle.trust.crt

But no .key file. Where can I find this in CentOS?

The reason I need it is that I have the SSL installed on the load balancer that is in front of my EC2 instance, so the request via socket.io comes in no problem, but the response back out from the EC2 instance right now is not secure and I'm getting a net::ERR_INSECURE_RESPONSE on the app side.
Nathan Riley
Asked:
1 Solution
 
Phil Phillips, Director of DevOps & Quality Assurance, Commented:
The certificates for AWS Certificate Manager can only be used by supported AWS services (currently, ELB and CloudFront).  You can't get the private key files for them.

The easiest solution is to use the ELB for SSL termination.  For the HTTPS listener, you can forward it to instance port 80.  Only instances inside of your VPC will be able to sniff traffic, so this is fairly secure - especially if you have your VPC locked down.

If you absolutely require encryption from the ELB to the instances, then you have to use your own certificate on the instance. If you don't have a valid certificate, you can self-sign it, but it requires some extra steps:
  1. Create an ELB policy of type "PublicKeyPolicyType" - associate your public key.
  2. Create an ELB policy of type "BackendServerAuthenticationPolicyType", and associate it with the PublicKeyPolicyType from above.
  3. Associate BackendServerAuthenticationPolicyType with the ELB.
This post does a good job of outlining that process.
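The three policy steps in the answer above, as an added example that is not part of the original thread: a dry-run shell script that extracts the public key from the certificate installed on the instance and prints the matching Classic ELB `aws elb` calls. The policy names and the script's arguments are assumptions, and nothing is sent to AWS.

```shell
#!/bin/sh
# Added example: prints (does not run) the Classic ELB calls for
# back-end server authentication. Policy names are hypothetical.
PUBKEY_POLICY="backend-pubkey-policy"
AUTH_POLICY="backend-auth-policy"

# Reduce a PEM public key on stdin to the bare base64 body that the
# PublicKey attribute takes: BEGIN/END lines and newlines removed.
strip_pem_armor() {
    sed '/^-----/d' | tr -d '\r\n'
}

# Extract the public key from the certificate the instance serves.
# Only the public half leaves the instance; the private key stays there.
pubkey_from_cert() {
    openssl x509 -in "$1" -noout -pubkey | strip_pem_armor
}

# Args: load balancer name, instance port, bare base64 public key.
plan_backend_auth() {
    lb=$1 port=$2 key=$3
    # Refuse input that would produce a broken or surprising command line.
    case $lb in ''|*[!A-Za-z0-9-]*) echo "bad load balancer name" >&2; return 1;; esac
    case $port in ''|*[!0-9]*) echo "bad instance port" >&2; return 1;; esac
    case $key in ''|*[!A-Za-z0-9+/=]*) echo "bad public key" >&2; return 1;; esac
    cat <<EOF
aws elb create-load-balancer-policy --load-balancer-name $lb --policy-name $PUBKEY_POLICY --policy-type-name PublicKeyPolicyType --policy-attributes 'AttributeName=PublicKey,AttributeValue=$key'
aws elb create-load-balancer-policy --load-balancer-name $lb --policy-name $AUTH_POLICY --policy-type-name BackendServerAuthenticationPolicyType --policy-attributes 'AttributeName=PublicKeyPolicyName,AttributeValue=$PUBKEY_POLICY'
aws elb set-load-balancer-policies-for-backend-server --load-balancer-name $lb --instance-port $port --policy-names $AUTH_POLICY
EOF
}

# Usage: sh plan.sh <load-balancer-name> <instance-port> <cert.pem>
if [ "$#" -eq 3 ]; then
    plan_backend_auth "$1" "$2" "$(pubkey_from_cert "$3")"
fi
```

Once the third call is applied, the ELB only completes the back-end TLS connection if the instance presents a certificate carrying the pinned public key, so replacing the instance certificate with a new key pair means updating the policy as well.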
 
Nathan Riley, Founder/CTO, Author Commented:
OK, so the main point I didn't realize is that I don't have the key file from them.

So I bought a single SSL from GoDaddy and got the key and crt files I needed for that subdomain, dropped them in the directory with my socket.io app, and it works perfectly now.

Thanks for clarifying!