Solved

Where are AWS Certificate Manager SSLs Stored in CentOS?

Posted on 2016-10-13
Last Modified: 2016-10-13
I have a socket.io setup that sends requests over SSL.

I need to locate the .key and .crt file on my AWS EC2 instance.

I see in /etc/ssl/certs/ there are two files:
ca-bundle.crt and ca-bundle.trust.crt

But no .key file. Where can I find this in CentOS?

The reason I need it is that I have the SSL installed on the load balancer that is in front of my EC2 instance, so the request via socket.io comes in no problem, but the response back out from the EC2 instance right now is not secure and I'm getting a net::ERR_INSECURE_RESPONSE on the app side.
Question by:N R
2 Comments

Accepted Solution

by:
Phil Phillips earned 500 total points
ID: 41842906
The certificates for AWS Certificate Manager can only be used by supported AWS services (currently, ELB and CloudFront).  You can't get the private key files for them.

The easiest solution is to use the ELB for SSL termination.  For the HTTPS listener, you can forward it to instance port 80.  Only instances inside of your VPC will be able to sniff traffic, so this is fairly secure - especially if you have your VPC locked down.

If you absolutely require encryption from the ELB to the instances, then you have to use your own certificate on the instance. If you don't have a valid certificate, you can self-sign it, but it requires some extra steps:
  1. Create an ELB policy of type "PublicKeyPolicyType" and associate your public key with it.
  2. Create an ELB policy of type "BackendServerAuthenticationPolicyType", and associate it with the PublicKeyPolicyType from above.
  3. Associate the BackendServerAuthenticationPolicyType with the ELB.
This post does a good job of outlining that process.
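
Added example, not part of the original answer: the three steps above written as AWS CLI calls against the Classic Load Balancer API (`aws elb`). The load balancer name, instance port, policy names and certificate path are placeholders, and it assumes the HTTPS listener already forwards to the instance over HTTPS on that port.

```shell
#!/bin/sh
# Added example (not from the original answer). Placeholders: LB_NAME,
# INSTANCE_PORT, both policy names and the certificate path.
set -eu

LB_NAME="${LB_NAME:-my-loadbalancer}"
INSTANCE_PORT="${INSTANCE_PORT:-443}"
PUBKEY_POLICY="${PUBKEY_POLICY:-backend-pubkey-policy}"
AUTH_POLICY="${AUTH_POLICY:-backend-auth-policy}"

# Reduce a PEM block read from stdin to its bare base64 body: drop the
# BEGIN/END marker lines and join what is left into a single line.
pem_body() {
  grep -v -e '-----' | tr -d '\r\n'
}

# Public key of the certificate the instance serves, as one base64 string.
cert_pubkey() {
  openssl x509 -in "$1" -pubkey -noout | pem_body
}

configure_backend_auth() {
  pubkey="$(cert_pubkey "$1")"
  [ -n "$pubkey" ] || { echo "no public key found in $1" >&2; return 1; }

  # Step 1: PublicKeyPolicyType carrying the instance certificate's public key.
  aws elb create-load-balancer-policy \
    --load-balancer-name "$LB_NAME" \
    --policy-name "$PUBKEY_POLICY" \
    --policy-type-name PublicKeyPolicyType \
    --policy-attributes "AttributeName=PublicKey,AttributeValue=$pubkey"

  # Step 2: BackendServerAuthenticationPolicyType that references step 1.
  aws elb create-load-balancer-policy \
    --load-balancer-name "$LB_NAME" \
    --policy-name "$AUTH_POLICY" \
    --policy-type-name BackendServerAuthenticationPolicyType \
    --policy-attributes "AttributeName=PublicKeyPolicyName,AttributeValue=$PUBKEY_POLICY"

  # Step 3: attach the authentication policy to the instance port.
  aws elb set-load-balancer-policies-for-backend-server \
    --load-balancer-name "$LB_NAME" \
    --instance-port "$INSTANCE_PORT" \
    --policy-names "$AUTH_POLICY"
}

# Nothing touches AWS unless invoked as: sh elb-backend-auth.sh apply instance.crt
if [ "${1:-}" = "apply" ]; then
  configure_backend_auth "${2:?usage: $0 apply <instance-cert.pem>}"
fi
```

The load balancer matches the instance's public key against the policy, so replacing the instance certificate with one built on a new key pair means creating a new PublicKeyPolicyType and repeating steps 2 and 3.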

Author Comment

by:N R
ID: 41843023
Ok so main point I didn't realize is that I don't have the key file from them.

So I bought a single SSL from GoDaddy and got the key and crt file I needed for that subdomain, dropped them in the directory with my socket.io app, and it works perfectly now.

Thanks for clarifying!