Hey guys, I’m back with a new article about installing an SSL certificate on Amazon EC2 Linux AMI 64 bit. It’s quite easy to install SSL certificates on cPanel or managed hosting, but when you are hosted on Amazon EC2 you are the manager, developer, maintainer and Superman behind your blog or website if you are doing all the work alone. I installed an SSL certificate on my blog and on another website of mine just a few months ago, with a lot of confusion and struggle because of the lack of details I could find on the web. There are articles about installing SSL on Apache, but trust me, they all differ in one way or another, especially when installing on EC2.
I had to figure out 80% of the work on my own, from enabling Apache for SSL to successfully activating SSL on my WordPress blog. I will not discuss the need for SSL in this article, as you can easily find that on Google. This website also has an SSL certificate; look at the green lock icon in the address bar. Let’s get started. I have created a video guide for this article; you can watch the video below or follow along with the text.
I’m listing each and every step to avoid any errors in the server configuration. Please follow slowly and be patient; don’t go away, it is very easy.
What I am using
- Amazon EC2 Linux AMI 64x
- Free SSL certificate from StartCom. Get a free SSL Certificate from StartSSL
Preparing files we need
When you have an SSL certificate, you will have a few files with it. Please make sure you have the files below.
- private.key (decrypted version of ssl.key)
Please refer to the article below for more details.
Log in to your Amazon Linux AMI with your favorite tool; here I’m using the Ubuntu terminal to log into my EC2. Upload the certificate files we generated above to your home directory; I’m using WinSCP to upload files to my EC2.
Placing our files in the proper directory
You can put your certificate files in any directory, but remember the path to the files, since you need it when editing the configuration files. In this article we will put all certificate files in the conf directory.
Type the commands below to copy your certificate files to the conf directory. (Make sure your files are in root directory)
sudo cp private.key /etc/httpd/conf/private.key
sudo cp ssl.crt /etc/httpd/conf/ssl.crt
sudo cp sub.class1.server.ca.pem /etc/httpd/conf/sub.class1.server.ca.pem
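Before touching ssl.conf it is worth checking the copied files. The script below is an added example, not part of the original article: it verifies that the private key is really the decrypted one and belongs to the certificate, that the key is not readable by other users, and that the certificate has not expired. The function names are illustrative; the file paths are passed in by the caller.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the files copied to /etc/httpd/conf.
# Usage (as root): check_cert_files /etc/httpd/conf/private.key /etc/httpd/conf/ssl.crt

# Succeeds only if the key loads without a passphrase and its public half
# equals the public key embedded in the certificate.
key_matches_cert() {
    local key="$1" cert="$2" key_pub cert_pub
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ]
}

# Succeeds only if no group/other permission bits are set on the key file.
key_is_private() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Runs all checks, prints one line per problem, returns non-zero on any failure.
check_cert_files() {
    local key="$1" cert="$2" rc=0
    key_matches_cert "$key" "$cert" ||
        { echo "FAIL: $key is encrypted, unreadable, or does not match $cert"; rc=1; }
    key_is_private "$key" ||
        { echo "FAIL: $key is readable by group/other (fix: chmod 600 $key)"; rc=1; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: $cert is expired or not a readable certificate"; rc=1; }
    return "$rc"
}
```

A file copied with plain `sudo cp` usually ends up world-readable, so expect the permission check to fail until you run `sudo chmod 600` on the key.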
Check if SSL module is installed (if you are not sure)
Type this command:
ls -l /etc/httpd/conf.d
A list of files will be shown. If you see a file named ssl.conf, you can skip to the section Editing ssl.conf file below; otherwise, follow along.
If ssl.conf is not in the directory, you need to install the SSL module for Apache, which is not enabled by default in some installations. Type the command below on your EC2 to install the SSL module.
sudo yum install mod_ssl
If you have installed httpd24 on your EC2, you will get an httpd24 conflict with httpd ….. ERROR message; in that case type the command below instead.
sudo yum install mod24_ssl
Editing ssl.conf file
Change your current directory to conf.d by typing the command below.
Now that you are inside the conf.d directory and the ssl.conf file exists there, edit it with your favorite editor. I’m using the nano editor because it makes editing files easy.
Type the command below to edit the ssl.conf file:
sudo nano ssl.conf
You will see an editor like the one shown in the image below.
Press ctrl + w (to enter search mode).
Type sslcertificatefile and press Enter.
Press ctrl + w again and press Enter to jump to the next instance of the matched string. Repeat until you see the section displayed below (around 2 – 3 searches).
# marks a comment in configuration files, and we need to comment out the line below.
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
(insert one # at the start of the line; see the image above)
Now press ctrl + w, type SSLCertificateKeyFile and press Enter.
Repeat the process I mentioned above to find the section displayed in the image below.
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
(insert one # at the start of the line; see the image above)
Now press ctrl + w, type SSLCertificateChainFile and press Enter.
Find the line #SSLCertificateChainFile /[do not care]/usually/path/to/file
Here the line #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt is already commented out; if it is not, add a # to comment it out. See the image in the section below for reference.
All the necessary changes are done at this point; in this step we will add our certificate details.
You are now at the line #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
Below this line, add the following lines without a # at the beginning.
See the image below for reference.
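The same edit can be scripted instead of done by hand in nano. The script below is an added example, not part of the original article. It assumes the three directives to add are SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile pointing at the files copied to /etc/httpd/conf earlier (private.key, ssl.crt, sub.class1.server.ca.pem); the function names and the sample ssl.conf excerpt are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: the nano edits from this section, scripted with sed.
CERT_DIR=/etc/httpd/conf   # assumption: where the cp step placed the files

# Constructed excerpt of a stock ssl.conf, used only to try the edit safely.
write_sample_conf() {
    cat > "$1" <<'EOF'
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
</VirtualHost>
EOF
}

# Print the path(s) set by active (uncommented) lines of one directive.
active_paths() {
    awk -v d="$2" '$1 == d { print $2 }' "$1"
}

use_own_certificate() {
    local conf="$1"
    # Do nothing if the file already points at our certificate.
    [ "$(active_paths "$conf" SSLCertificateFile)" = "$CERT_DIR/ssl.crt" ] && return 0
    cp -p "$conf" "$conf.bak"   # copy to roll back to if the config test fails
    # Comment out the self-signed localhost defaults.
    sed -i -E 's|^[[:space:]]*(SSLCertificate(Key)?File[[:space:]]+/etc/pki/tls/)|#\1|' "$conf"
    # Add our three directives below the commented chain-file line.
    sed -i "/^#SSLCertificateChainFile /a\\
SSLCertificateFile $CERT_DIR/ssl.crt\\
SSLCertificateKeyFile $CERT_DIR/private.key\\
SSLCertificateChainFile $CERT_DIR/sub.class1.server.ca.pem" "$conf"
}
```

Try it on a copy first (`write_sample_conf /tmp/ssl.conf; use_own_certificate /tmp/ssl.conf`), and use `active_paths` afterwards to confirm that exactly one active line remains per directive.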
Final change in configuration file
Press ctrl + w and type ssl cipher suite
You will find a section as shown in the image below. Make the changes highlighted in the image and add the line shown there.
Now press ctrl + x; when prompted, press y and then press Enter to save the file.
Test the configuration we did above
On the command line, type the command below to test the configuration file.
If there are any errors, fix them by referring to the reported line number. Make sure the file paths are correct. If you have stored the certificate files somewhere else, change the file paths accordingly.
If the status is OK, you are good to go ahead and restart your server.
sudo service httpd restart
Your server is ready to serve over https; try accessing your website with https. If your website is not working with https, try refreshing several times, and if you are using a CDN, make sure it supports https.
If you are setting up SSL for your WordPress blog, you need to enter the https version of the address in the WordPress URL and Site URL fields in your general settings.
If you run into any trouble, feel free to comment below.