
This is an application without a load balancer - a single instance. I found and understood the documentation on how to get this done when using Tomcat, as I'm doing. The crux of the problem is that the explanations refer to the private and public keys of the certificate which should be used. Where are the AWS issued certificate private and public keys stored? This is what I've discovered so far:

I've gone through all the documentation and now have to create some conf files in .ebextensions. No problems there. However, I have to supply both the private and public keys. In the example code, the private key is server.key and the public one server.crt. I have found cert.pem in /etc/pki/tls and both ca-bundle.crt and ca-bundle.trust.crt in /etc/pki/tls/certs. Are these the keys of the certificate I requested from AWS? Is cert.pem the private key? I've looked at all of them with Nano and am not too sure. What's the deal with the other two files? According to the documentation, one should load the private key to S3. If cert.pem is the private key, how do I do that from the command line once logged in, and should I save that as server.key? I would appreciate any help.

Chris Malan

1 Answer


SSL certificates have three components: the certificate (public, unique to your site), the chain (public, establishes the traceable chain of trust, common to many or all certs from the same certificate authority), and the key (private/secret).

A server cannot use a certificate without the key. Amazon Certificate Manager does not expose the key to you -- only the certificate and the chain -- so, for this reason, it is not possible to use public ACM certificates without also using either a load balancer or CloudFront.

When an ACM cert is used with a load balancer or CloudFront, the private key is provided to the balancer or the CloudFront front-ends from ACM over internal channels.

Michael - sqlbot
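As an added example (not part of either post above), a small POSIX shell helper that tells a private key apart from a single certificate or a certificate bundle by its PEM markers, which is how to check whether any of the files named in the question could be a key at all. It only reads the `-----BEGIN ...-----` lines; the file paths and the sample contents in the demo are assumptions.

```shell
#!/bin/sh
# pem_kind FILE
# Prints one word describing a PEM file by its markers:
#   key    - contains a private key (PRIVATE KEY, RSA/EC/ENCRYPTED PRIVATE KEY)
#   cert   - exactly one certificate (what a server cert like server.crt looks like)
#   bundle - several certificates (a chain or a CA trust store such as ca-bundle.crt)
#   mixed  - key and certificate(s) in the same file
#   none   - no recognisable PEM markers (or the file is unreadable)
pem_kind() {
    f="$1"
    [ -r "$f" ] || { echo none; return 0; }
    # grep -c exits 1 when the count is 0; "|| true" keeps the count without
    # tripping "set -e" in callers.
    keys=$(grep -c -- '-----BEGIN .*PRIVATE KEY-----' "$f" || true)
    certs=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$f" || true)
    if [ "$keys" -gt 0 ] && [ "$certs" -gt 0 ]; then echo mixed
    elif [ "$keys" -gt 0 ]; then echo key
    elif [ "$certs" -eq 1 ]; then echo cert
    elif [ "$certs" -gt 1 ]; then echo bundle
    else echo none
    fi
}

# pem_cert_count FILE
# Prints how many certificates a PEM file carries (0 for a bare key file).
pem_cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# Demo over the paths mentioned in the question (assumed; skipped if absent).
for f in /etc/pki/tls/cert.pem \
         /etc/pki/tls/certs/ca-bundle.crt \
         /etc/pki/tls/certs/ca-bundle.trust.crt; do
    [ -e "$f" ] || continue
    printf '%s: %s (%s certificate(s))\n' "$f" "$(pem_kind "$f")" "$(pem_cert_count "$f")"
done
```

A file that reports `bundle` with dozens of certificates is a trust store, not your site's key; a key you generated yourself reports `key`.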