Enabling SSL on apache instance on EC2

南旧 2020-12-29 03:32

I have an EC2 instance that is using Amazon's custom Linux install with built-in Apache. This install also has openssl installed. That being said, there does not appear t

6 Answers
  •  南笙 (original poster)
    2020-12-29 03:48

    I managed to enable SSL on my EC2 instance and to install a free SSL certificate from startssl.com. I made a few mistakes; this is the basic approach:

    1. Sign up to startssl.com by clicking the Control Panel link
      • Complete the signup process. You will need to verify your email address.
    2. Validate your domain under Validation Wizard -> Domain Name Validation
    3. Get a Certificate by Certificate Wizard
      • Choose: Web Server SSL/TLS Certificate
      • Enter a password that will be used to encrypt the private key. You will need this later.
      • I chose keysize of 4096
      • Save the encrypted private key as ssl.encrypted.key someplace
      • ?? I forget what happened next
      • Save the certificate file as ssl.crt someplace. For me I had to wait 30 minutes, then it appeared under Tool Box -> Retrieve Certificate
    4. Use openssl to decrypt the encrypted ssl.encrypted.key file
      • sudo openssl rsa -in ssl.encrypted.key -out ssl.unencrypted.key
      • startssl.com also have a decrypt option on their website, but it didn't work for me
    5. PuTTY/SSH onto your EC2 machine
    6. Install mod_ssl
      • sudo yum install mod_ssl
    7. Replace the default certificate and key
      • sudo vi /etc/pki/tls/certs/localhost.crt
      • Paste in the contents of ssl.crt
      • Make sure it pastes correctly! I always lose the first 6 characters
      • Use :%d to delete the existing certificate if required
      • [ESC] :wq
      • sudo vi /etc/pki/tls/private/localhost.key
      • Paste in the contents of ssl.unencrypted.key
      • Again make sure it pastes correctly!
      • [ESC] :wq
    8. Check the configuration
      • apachectl configtest
    9. Restart
      • sudo service httpd restart
      • I had issues restarting and I think what fixed it was sudo kill -9 httpd
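
An added check for the files pasted in step 7, not part of the original answer: a paste that dropped its leading characters, a key that is still encrypted, and a key that belongs to a different certificate each keep httpd from starting with SSL. The function names and the throwaway `example.test` pair are constructed for illustration; `openssl`, GNU `find`, `tail` and `chmod` are assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example, not from the original answer. Checks a certificate/key pair
# such as the two files pasted in step 7 before httpd is restarted.

# check_pair CERT KEY -> 0 usable, 1 unparsable or mismatched, 2 key mode too open
check_pair() {
    local cert=$1 key=$2 cert_pub key_pub
    # A paste that lost its first characters no longer has a valid
    # "-----BEGIN ...-----" line, so OpenSSL refuses to parse the file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: $cert is not a parsable PEM certificate"; return 1; }
    # -passin pass: makes a still-encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "FAIL: $key is truncated or still passphrase-protected"; return 1; }
    # Both commands print the same SubjectPublicKeyInfo when the pair matches.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: certificate and private key do not match"; return 1; }
    # The decrypted key must not be accessible to group or others.
    if [ -n "$(find "$key" -maxdepth 0 -perm /077)" ]; then
        echo "FAIL: $key is accessible to group/other, chmod 600 it"; return 2
    fi
    echo "OK: $cert and $key parse, match, and the key is owner-only"
}

# make_sample DIR: constructed throwaway self-signed pair for trying the check
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/sample.key" -out "$1/sample.crt" 2>/dev/null &&
        chmod 600 "$1/sample.key" &&
        # Simulate the paste problem: drop the first 6 characters.
        tail -c +7 "$1/sample.crt" > "$1/truncated.crt"
}

if [ "$#" -eq 2 ]; then
    # e.g. sudo bash check_pair.sh /etc/pki/tls/certs/localhost.crt \
    #                              /etc/pki/tls/private/localhost.key
    check_pair "$1" "$2"
fi
```

Running it against the two paths from step 7 before `apachectl configtest` reports which of the two files is at fault.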
