emSign Knowledge Base
  • emSign
  • Getting Started
    • About emSign
    • Why emSign?
    • Key Highlights
      • Root Store Listings
      • Trust
      • Security
    • Certificate Lifecycle and Key Management Platform (CERTInext)
  • emSign CERTInext
    • Overview
    • Getting Started
      • Enterprise Sign up
      • Partner Sign up
      • Retail Customers
      • Multi-factor & Trusted login
        • Multifactor Authentication and Single Sign On
        • Enforce 2FA
        • IP Restrictions
        • Digital Certificate based login
      • Alerts and Notifications
    • User and Group Management
    • Ordering a Certificate
      • As a Customer
        • DV certificates
        • OV Certificates
        • EV Certificates
        • SMIME Certificates
        • Intranet SSL Certificate
        • IGTF Certificates
        • Subscription Plan Coverage for SSL Products
        • Group-based Certificates Ordering
        • Ordering using Custom Fields
      • As a Partner
        • Order for Customers
        • Order for Sub-accounts
      • Requester Approval Workflows
        • EV requests by Authorized Signatory
        • Certificate requests by Administrator
      • Submitting a Certificate Signing Request (CSR)
        • Submit CSR for Pending Orders
        • Replace CSR for Pending Orders
      • Downloading Certificates
        • Download Interim DV
        • Download Certificate
      • Post Order Actions
        • Renew Certificate
        • Revoke an issued Certificate
        • Reissue Certificate
        • Add / Remove SANs for Multi-Domain SSL
    • Management
      • Domains
      • Organizations
      • Orders
      • Products
      • Templates
        • CSR Templates
        • Provisioning Templates
    • Integrations
      • Using APIs to Order
        • REST APIs
        • ACME APIs
      • Tools
        • eMudhra Certificate Utility Tool
        • eMudhra emSign Click Tool
          • Procedure for installing Certificate in HSM
          • Procedure for Attested CSR Generation
      • CA Connectors
    • Billing & Payments
      • Add Credits
      • Invoices
      • Statement (Ledger Statement)
      • Product Price List
    • Reports
      • Orders Report
      • Overall Statistics
      • Certificates Report
      • Key Store Report
      • Key Report
      • Sales Summary
      • Audit Logs
    • Settings
      • Reporting Tags
      • Manage Schedules
      • Custom Fields
    • Certificate Lifecycle Management
      • Discover Certificates
      • emSign CERTInext Bot
    • Key Lifecycle Management
      • Manage Keys
      • Key Profiles
      • Key Store
  • Consent Management
  • Certificate Approval Process
    • Domain Validation (DV) Process
    • Organization Validation (OV) Process
    • Extended Validation (EV) Process
    • User Certificates Process
    • SMIME Certificate Process
    • Qualified Sources
  • Certificate Installation
    • Before you install
    • Browser Compatibility
    • emSign's Security Seal
    • Installing SSL Certificate on IIS
    • Installing SSL Certificate on cPanel
    • Installing SSL Certificate on Amazon Web Services (AWS)
    • Installing SSL Certificate on Apache
    • Installing SSL Certificate on Plesk 12
    • Installing SSL Certificate on NGINX
    • Installing SSL Certificate on Google App Engine
    • Installing SSL Certificate on WHM
    • Installing SSL Certificate on Ubuntu
    • Installing SSL Certificate on Tomcat
    • Installing SSL Certificate on Heroku
    • Installing SSL Certificate on Bigcommerce
    • Installing Root & Intermediate Certificates for Intranet SSL
    • Supported Devices for auto-provisioning of certificates
    • SSL/TLS Server Rating Guide
  • Release Notes
    • Introduction
    • R1619 (07-Apr-2025)
    • R1591 (10-Mar-2025)
    • R1581 (28-Feb-2025)
    • R1553 (31-Jan-2025)
    • R1522 (31-Dec-2024)
    • R1490 (29-Nov-2024)
    • R1460 (30-Oct-2024)
    • R1427 (27-Sep-2024)
    • R1371 (02-Aug-2024)
    • R1354 (16-Jul-2024)
    • R1300 (23-May-2024)
    • R1251 (04-Apr-2024)
    • R1230 (14-Mar-2024)
    • R1196 (09-Feb-2024)
    • R1167 (11-Jan-2024)
    • R1152 (27-Dec-2023)
    • R1139 (14-Dec-2023)
    • R1124 (29-Nov-2023)
    • R1115 (20-Nov-2023)
    • R1101 (06-Nov-2023)
    • R1075 (11-Oct-2023)
    • R1062 (28-Sep-2023)
    • R1046 (12-Sep-2023)
    • R1039 (05-Sep-2023)
    • R1031 (28-Aug-2023)
    • R1024 (21-Aug-2023)
    • R1001 (29-Jul-2023)
Powered by GitBook

© eMudhra. All Rights Reserved.

On this page

Was this helpful?

Export as PDF
  1. Certificate Installation

Installing SSL Certificate on Amazon Web Services (AWS)

PreviousInstalling SSL Certificate on cPanelNextInstalling SSL Certificate on Apache

Last updated 1 year ago

Was this helpful?

o install an SSL certificate on an AWS service, the specific steps can vary depending on the AWS service you are using. Here, I'll provide general instructions for installing an SSL certificate on Amazon Web Services. The process typically involves creating or importing an SSL certificate, associating it with a resource (e.g., an EC2 instance or a load balancer), and configuring your service to use HTTPS.

Prerequisites

  • To convert your .cer into different file formats, Utilize our eMudhra utility tool to seamlessly transform your files into .cer, .pfx (.p12), .jks, or .pem formats, and conveniently import zip files using our CSR tool."

Here are the general steps to install an SSL certificate on AWS, Choose one of the two installation methods below for installing the SSL Certificate.

Upload Certificate via Management Console

Now that you have downloaded your certificate files, please follow the steps below to install in on your EC2 instance. In summary, you will need to upload your certificate files to IAM and allocate the certificate to your EC2 load balancer instance.

  1. Log in to your AWS management console and navigate to the EC2 console.

  2. Navigate to the EC2 Console.

  3. Choose Load Balancer under the "Network and Security" section.

  4. Select the load balancer you would like to allocate your certificate to.

  5. Go to the Listener tab, click on "Edit" and then "Add". Choose "HTTPS" as the protocol. Next, under SSL certificate select "Change" and click on "Upload a new certificate to AWS Identity and Access Management (IAM)."

  6. Now enter your certificate details: this includes a name for your certificate, your private key (private.key), the primary certificate file (certificate.crt), and the certificate chain (ca_chain.crt) by pasting file contents into the designated areas.

  7. Finally, click on the "Save" button.

Upload Certificate via CLI

Alternatively, you can also use the AWS command-line interface (CLI) in order to upload your certificate files to IAM. To use the AWS command-line interface for uploading your certificate to an EC2 instance, please follow the steps below.

Important Note: Please note order for your upload to work, you may be required to rename your .crt files to .pem. To convert the file format you can use our eMudhra CSR generator tool. In case if you do not have tool in place to download the tool.

You can use the following command in order to upload your certificate files to IAM: The certificate_object_name parameter above can be used to provide a name for your certificate object. Please also note that when you specify a file as a parameter (e.g. for certificate-body), file:// must be included.

aws iam upload-server-certificate --server-certificate-name certificate_object_name --certificate-body file://certificate.crt --private-key file://private.key --certificate-chain file://ca_bundle.crt

IAM Upload Criteria When uploading certificate files, IAM will verify if the following criteria are met:

  • Certificate files (certificate.csr and ca_bundle.crt) must be in X.509 PEM format.

  • The current date must be between the certificate issuance and the expiration date.

  • The certificate and private key files should contain only a single item, not multiple items.

  • The private key must match the certificate.

  • The private key must start with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY---.

  • The private key must be encrypted with a password.

Check Installation

You have completed all the required steps to install your SSL certificate. Verify that the SSL certificate is correctly installed by accessing your website or service using HTTPS. After installing your certificate, it is a good practice to test your SSL setup using various online tools to ensure everything is working correctly.

Click here