Security is a critically important factor in the success of any website. You need to set up a security certificate so that your server data will be secure. An SSL certificate is a small data file that binds a cryptographic key to an organization’s details.
When you set this up, you have the option of creating a self-signed certificate or creating a certificate approved by a certificate authority.
Whether you sign a certificate yourself or have it signed by a certificate authority, both establish a secure connection between the web server and the browser, and data is sent encrypted over an HTTPS connection. Self-signed certificates are ideal for a test environment, where you need to test over an HTTPS connection and don’t want to pay a certificate authority. Browsers do not trust a self-signed certificate by default and will show a warning for it, which is another reason to keep it to testing.
This article mainly focuses on creating a self-signed certificate which will need the following:
- A Public Key
- A Private Key
- A Certificate Signing Request (CSR)
The private and public keys are used to encrypt the information that will be transmitted. Keys are used in both symmetric and asymmetric encryption. Asymmetric encryption uses both a private and a public key for better security: the sender encrypts a message with the public key and the receiver decrypts it with the private key. In symmetric encryption, by contrast, the same key is used to encrypt as well as decrypt the message.
The Process
You can use the OpenSSL toolkit to generate the encryption keys and the CSR. The first step is to create a 2048-bit RSA key stored in PEM format, so that it is readable as ASCII text. Run the following command on a Linux command line where OpenSSL is already installed.
openssl genrsa -out private.pem 2048
Next, to create the public key (public.pem), use the following command:
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
Once the encryption keys are created, you can proceed to create a Certificate Signing Request (CSR). When generating a CSR, you will be prompted to provide additional information regarding the certificate.
openssl req -new -key private.pem -out certificate.csr
Now that you have your private key as well as the CSR, you can issue the following command to create your own self-signed certificate.
openssl x509 -req -days 365 -in certificate.csr -signkey private.pem -out certificate.crt
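The four steps above as one unattended script, followed by checks worth running before the certificate is uploaded. This is an added example, not code from the original article; the subject name test.example.internal, the function names and the 30-day expiry threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Runs the four openssl steps
# non-interactively, then checks the result before anything is uploaded.
# The subject /CN=test.example.internal is a constructed placeholder.

make_self_signed() {   # $1 = output directory
    dir=$1
    # umask 077: the private key must be readable by its owner only
    ( umask 077; openssl genrsa -out "$dir/private.pem" 2048 ) || return 1
    openssl rsa -in "$dir/private.pem" -outform PEM -pubout \
        -out "$dir/public.pem" || return 1
    # -subj answers the CSR prompts so the step can run unattended
    openssl req -new -key "$dir/private.pem" -subj "/CN=test.example.internal" \
        -out "$dir/certificate.csr" || return 1
    openssl x509 -req -days 365 -in "$dir/certificate.csr" \
        -signkey "$dir/private.pem" -out "$dir/certificate.crt"
}

# True when the certificate carries the public half of the given private key.
# -passin pass: makes a passphrase-protected key fail instead of prompting.
cert_matches_key() {   # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when subject and issuer names are identical (a name comparison only).
is_self_signed() {   # $1 = certificate
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

preflight() {   # $1 = directory holding certificate.crt and private.pem
    cert_matches_key "$1/certificate.crt" "$1/private.pem" ||
        { echo "FAIL: certificate does not match private key"; return 1; }
    is_self_signed "$1/certificate.crt" ||
        { echo "FAIL: issuer differs from subject"; return 1; }
    # -checkend N exits non-zero if the certificate expires within N seconds
    openssl x509 -in "$1/certificate.crt" -noout -checkend 2592000 >/dev/null ||
        { echo "FAIL: certificate expires within 30 days"; return 1; }
    echo "OK"
}

workdir=$(mktemp -d)
make_self_signed "$workdir" && preflight "$workdir"
rm -rf "$workdir"
```

A mismatch between certificate.crt and private.pem is the failure to catch here, since the upload command takes both files as a pair.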
Uploading the certificate to AWS
Now that you have created an SSL certificate, it’s time to upload it to AWS. The upload is done with the AWS CLI, so the AWS CLI must already be configured. You can then use the following command to upload the certificate.
aws iam upload-server-certificate --server-certificate-name my-server-test --certificate-body file://certificate.crt --private-key file://private.pem