• Skip to main content

Uly.me

cloud engineer

  • Home
  • About
  • Search

certificate

AWS ELB SSL Listener

January 31, 2022

Here’s how to update SSL certificates to AWS ELB.

Import SSL certificate

aws acm import-certificate \
--certificate fileb://example.crt \
--private-key fileb://example.key \
--certificate-chain fileb://example-bundle.crt \
--tags Key=Name,Value=mydomain.com_20220107 \
--profile default

aws acm import-certificate \ --certificate fileb://example.crt \ --private-key fileb://example.key \ --certificate-chain fileb://example-bundle.crt \ --tags Key=Name,Value=mydomain.com_20220107 \ --profile default

Add SSL to a listener.

aws elbv2 add-listener-certificates \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

aws elbv2 add-listener-certificates \ --listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \ --certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \ --profile default

Modify listener. Set SSL certificate as default.

aws elbv2 modify-listener \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

aws elbv2 modify-listener \ --listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \ --certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \ --profile default

Remove SSL from a listener.

aws elbv2 remove-listener-certificates \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

aws elbv2 remove-listener-certificates \ --listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \ --certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \ --profile default

Filed Under: Linux Tagged With: add, aws, certificate, default, elb, listener, remove, ssl

AWS ACM List Certificates

January 4, 2022

How to list SSL certificates in AWS Certificate Manager.

aws acm list-certificates

aws acm list-certificates

Result

{
    "CertificateSummaryList": [
        {
            "CertificateArn": "arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
            "DomainName": "mydomain.com"
        }
    ]
}

{ "CertificateSummaryList": [ { "CertificateArn": "arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "DomainName": "mydomain.com" } ] }

Describe details about the certificate.

aws acm describe-certificate \
--certificate-arn arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--region us-east-1 \
--profile my-profile

aws acm describe-certificate \ --certificate-arn arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \ --region us-east-1 \ --profile my-profile

Filed Under: Cloud Tagged With: acm, aws, certificate, cli, ssl

Wiki SSL Certificate Location

November 12, 2021

Here’s where the Wiki keeps its SSL certificate keys.

/etc/pki/tls/certs/yourdomain.crt
/etc/pki/tls/private/yourdomain.key

/etc/pki/tls/certs/yourdomain.crt /etc/pki/tls/private/yourdomain.key

In some cases, SSL needs to be converted so it doesn’t prompt you for a password if you restart Apache.

Conversion

openssl rsa -in /etc/pki/tls/private/yourdomain.key.new -out /etc/pki/tls/private/yourdomain.key.new_no_pass

openssl rsa -in /etc/pki/tls/private/yourdomain.key.new -out /etc/pki/tls/private/yourdomain.key.new_no_pass

Filed Under: Linux Tagged With: apache, certificate, location, password, ssl, wiki

Check Certificate Expiration

October 20, 2021

Here’s the openssl command to find out if a cert is expired.

$ openssl s_client -connect yourdomain.com:443 -servername yourdomain.com 2> /dev/null | openssl x509 -noout -dates

$ openssl s_client -connect yourdomain.com:443 -servername yourdomain.com 2> /dev/null | openssl x509 -noout -dates

Result

notBefore=Apr  9 00:00:00 2020 GMT
notAfter=Apr  9 23:59:59 2022 GMT

notBefore=Apr 9 00:00:00 2020 GMT notAfter=Apr 9 23:59:59 2022 GMT

Filed Under: Linux Tagged With: certificate, expiration, openssl, ssl

AWS Request Domain Renewal

September 17, 2021

Occassionally, AWS requires validation of your domain via email message. Here’s the command to send a request.

aws acm resend-validation-email \
--certificate-arn arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--domain yourdomain.com \
--validation-domain yourdomain.com
 
aws acm resend-validation-email \
--certificate-arn arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--domain www.yourdomain.com \
--validation-domain yourdomain.com

aws acm resend-validation-email \ --certificate-arn arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \ --domain yourdomain.com \ --validation-domain yourdomain.com aws acm resend-validation-email \ --certificate-arn arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \ --domain www.yourdomain.com \ --validation-domain yourdomain.com

You will need acm:ResendValidationEmail permission to run the command.

Filed Under: Cloud Tagged With: acm, awscli, certificate, renewal, validation

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to page 4
  • Go to Next Page »
  • Home
  • About
  • Search

Copyright © 2023