Uly.me

cloud engineer

ssl

AWS ELB SSL Listener

January 31, 2022

Here’s how to update the SSL certificate on an AWS ELB.

Import SSL certificate

aws acm import-certificate \
--certificate fileb://example.crt \
--private-key fileb://example.key \
--certificate-chain fileb://example-bundle.crt \
--tags Key=Name,Value=mydomain.com_20220107 \
--profile default

Add the SSL certificate to a listener.

aws elbv2 add-listener-certificates \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

Modify listener. Set SSL certificate as default.

aws elbv2 modify-listener \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

Remove an SSL certificate from a listener.

aws elbv2 remove-listener-certificates \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

Filed Under: Linux Tagged With: add, aws, certificate, default, elb, listener, remove, ssl

SSL PEM Expiration

January 6, 2022

Find out when an SSL certificate expires from a PEM file.

$ openssl x509 -enddate -noout -in your.cert
notAfter=Jan  5 07:08:14 2032 GMT

The notAfter date is returned.

Filed Under: Linux Tagged With: expiration, openssl, pem, ssl

AWS ACM List Certificates

January 4, 2022

How to list SSL certificates in AWS Certificate Manager.

aws acm list-certificates

Result

{
    "CertificateSummaryList": [
        {
            "CertificateArn": "arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
            "DomainName": "mydomain.com"
        }
    ]
}

Describe details about the certificate.

aws acm describe-certificate \
--certificate-arn arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
--region us-east-1 \
--profile my-profile

Filed Under: Cloud Tagged With: acm, aws, certificate, cli, ssl

Wiki SSL Certificate Location

November 12, 2021

Here’s where the Wiki keeps its SSL certificate and private key.

/etc/pki/tls/certs/yourdomain.crt
/etc/pki/tls/private/yourdomain.key

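In some cases, the private key needs to be converted to remove its passphrase so that Apache doesn’t prompt you for a password when it restarts. The converted key is stored unencrypted, so keep it readable only by root.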

Conversion

openssl rsa -in /etc/pki/tls/private/yourdomain.key.new -out /etc/pki/tls/private/yourdomain.key.new_no_pass

Filed Under: Linux Tagged With: apache, certificate, location, password, ssl, wiki

Check Certificate Expiration

October 20, 2021

Here’s the openssl command to find out if a cert is expired.

$ openssl s_client -connect yourdomain.com:443 -servername yourdomain.com 2> /dev/null | openssl x509 -noout -dates

Result

notBefore=Apr  9 00:00:00 2020 GMT
notAfter=Apr  9 23:59:59 2022 GMT
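
The notAfter= line printed here, and by the command in "SSL PEM Expiration", can be turned into a days-remaining status for monitoring. This is an added example, not part of the original posts; the function names and the 30-day default threshold are assumptions, and it requires GNU date.

```bash
#!/usr/bin/env bash
# Added example (not from the original posts). Assumes GNU date (-d parsing).

# cert_status "<openssl -enddate/-dates output>" [warn_days] [now_epoch]
# Prints "EXPIRED", "RENEW <days>" or "OK <days>"; exit code 2, 1 or 0.
# Prints "UNKNOWN" (exit 3) when there is no parsable notAfter= line,
# e.g. s_client could not connect and x509 received no certificate.
cert_status() {
    local out warn_days now not_after end left
    out="$1"
    warn_days="${2:-30}"
    now="${3:-$(date -u +%s)}"
    not_after="$(printf '%s\n' "$out" | sed -n 's/^notAfter=//p' | head -n 1)"
    if [ -z "$not_after" ]; then echo "UNKNOWN"; return 3; fi
    if ! end="$(date -u -d "$not_after" +%s 2>/dev/null)"; then
        echo "UNKNOWN"; return 3
    fi
    left=$(( end - now ))
    if [ "$left" -le 0 ]; then echo "EXPIRED"; return 2; fi
    if [ "$left" -le $(( warn_days * 86400 )) ]; then
        echo "RENEW $(( left / 86400 ))"; return 1
    fi
    echo "OK $(( left / 86400 ))"
}

# Local PEM file, as in "SSL PEM Expiration".
check_pem() {   # check_pem <file> [warn_days]
    cert_status "$(openssl x509 -enddate -noout -in "$1" 2>/dev/null)" "${2:-30}"
}

# Live endpoint, as in "Check Certificate Expiration".
# </dev/null makes s_client exit after the handshake instead of waiting on stdin.
check_host() {  # check_host <host> [port] [warn_days]
    local host port
    host="$1"
    port="${2:-443}"
    cert_status "$(openssl s_client -connect "$host:$port" -servername "$host" \
        </dev/null 2>/dev/null | openssl x509 -noout -dates 2>/dev/null)" "${3:-30}"
}
```

Treating UNKNOWN as a failure matters: a connection error otherwise looks the same as "nothing to report".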

Filed Under: Linux Tagged With: certificate, expiration, openssl, ssl

GCP Create SSL Certificate

June 13, 2021

gcloud compute ssl-certificates create certificate-name \
--description="ssl cert for domain-name.com" \
--domains=domain-name.com \
--certificate=certificate-file \
--private-key=private-key \
--global

Filed Under: Cloud Tagged With: certificate, gcp, ssl

Ubuntu 20.04 LTS Lamp Server

November 10, 2020

Here’s how to install a LAMP server on the latest Ubuntu 20.04 LTS.

Install Apache.

apt install apache2
systemctl status apache2
systemctl is-enabled apache2

Install MariaDB.

apt install mariadb-server mariadb-client
systemctl status mariadb
systemctl is-enabled mariadb
mysql_secure_installation

Install PHP.

apt install php libapache2-mod-php php-mysql
systemctl restart apache2

Enable ssl and mod_rewrite.

a2enmod ssl
a2enmod rewrite
systemctl restart apache2

Filed Under: Linux Tagged With: apache, lamp, lts, mariadb, mod_rewrite, php, ssl, ubuntu 20.04

GCP SSL Certificates

October 29, 2020

Here’s how to create a regional SSL Certificate.

gcloud compute ssl-certificates create my-ssl-cert \
--description "describe ssl certificate" \
--domains=domain1.com,domain2.com \
--certificate=cert.pem \
--private-key=private.key \
--region=us-central1

List the SSL certificates.

gcloud compute ssl-certificates list --project=project-id

Describe the SSL certificate.

gcloud compute ssl-certificates describe my-ssl-cert \
--region=us-central1 \
--project=project-id

Delete SSL certificate.

gcloud compute ssl-certificates delete my-ssl-cert \
--region=us-central1 \
--project=project-id

Filed Under: Cloud Tagged With: certificate, create, delete, describe, gcloud, list, ssl
