How to Get Self Signed Certificate in Ec2

Question

I am working in Ec2 instance. I have connected my php files like http://13.57.220.172/phpinsert.php. But it is not secured site. So i want to convert http into https://13.57.220.172.

I have cloudflare ssl. When i try to add ssl certificate. It shows

com.amazonaws.pki.acm.exceptions.external.ValidationException: Provided certificate is not a valid self signed. Please provide either a valid self-signed certificate or certificate chain. Choose Previous button below and fix it.

i have enclose the image with it.

So how can i get the self signed certificate. is there any online tool available.

you should not expose your private key (the image) – flagg19 Jun 19 '19 at 07:32 — flagg19, Jun 19 '19 at 07:32
@flag19 I have changed the image – cloudfire Jun 19 '19 at 10:12 — cloudfire, Jun 19 '19 at 10:12

score 1 · Answer 1 · answered Jun 19 '19 at 13:22

I think the error message your seeing has to do with this sentence:

If your certificate is signed by a CA, you must include the certificate chain when you import your certificate.

from https://docs.aws.amazon.com/acm/latest/userguide/import-certificate-prerequisites.html.

Since it sounds like you're not yet in "production" mode, I'm guessing you're not particularly attached to your existing certificate, but just want a certificate to be able to do HTTPS on your web server (and don't really care if it's self-signed).

If you want to use AWS Certificate Manager, I think it would be easier to just let them (AWS) issue you a certificate instead of trying to import one from somewhere else. AWS doesn't charge anything for certificates. https://docs.aws.amazon.com/acm/latest/userguide/acm-billing.html

Even if you get the certificate setup in AWS Certificate Manager, that's not going to be installed directly on your EC2 instance, but rather (most likely) on a load balancer in front of your web server, which will add a little complexity to your setup. https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html

If all you want to do is use HTTPS on your web server, Let's Encrypt (also free) is probably a simpler option. If you are using AWS Linux 2, there are instructions for getting a certificate here - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-2.html

Let's Encrypt does not issue certificates for a bare IP address though, you've gotta have an FQDN. — Tanmay Agrawal, Oct 12 '20 at 20:19

score 0 · Answer 2 · answered Oct 15 '20 at 05:45

Well, add to the points which @jefftrotman has already mentioned.

If your expectation is to just secure your IP address using HTTPS you can achieve that using the below approaches:

A SELF SIGNED certificate that you can create using OpenSSL.
You can also get an SSL certificate from a trust signing authority like (GoDaddy or VeriSign) or Let's encrypt.

The only requirement in the second point is that for getting a certificate from a valid signing authority you need to have a domain name like "myphpapp.com" and then use this domain to get the SSL certificate.

The below details are in case you want to use AWS ACM(Amazon Certificate Manager)

If you prefer ACM, you can get the free Public SSL certificate which you can map to the IP address and your web application will be secured.
If your requirement is to add SSL certificates (like PEM files) to a web server like NGINX or Apache then you first need to create a Private CA using in ACM and then you using this CA you will be able to create Private SSL certificates. After creating those you can export the files and add those files to the configuration file. (try to use Amazon Linux 2) ec2 image for ease.

How to Get Self Signed Certificate in Ec2

2 Answers2