Setup an Comodo positive SSL cert on AWS Cloudfront Buy Comodo positive SSL cert via namecheap Inspect last years cert: Generate private key and signing request You can generate a new key as a separate step, or as part of the
To generate a new key manually use: To generate a new key as part of a signing reuest use: Answer lots of questions Should now have a Do the namecheap needful: You’ll get an email that asks you to enter a validation into a
Comodo site, do that You’ll get an email with
Use awscli to upload Login to your aws dashboard, click cloudfront, go do Distribution
Settings, click edit, find the new ssl key name in the dropdown and
click, “Yes, edit” Should work…
openssl req -noout -text -in tylercipriani_com.csr
req
commandopenssl genrsa -out /path/to/output.key 2048
mkdir -p ~/Projects/Certs/com.tylercipriani/2015-11-24
cd ~/Projects/Certs/com.tylercipriani/2015-11-24
openssl req -sha256 -new -newkey rsa:2048 -nodes -keyout /path/to/output.key -out /path/to/output.csr
ensures output key is not encrypted ────┘
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Colorado
Locality Name (eg, city) [Default City]:Longmont
Organization Name (eg, company) [Default Company Ltd]:Tyler Cipriani
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:tylercipriani.com
Email Address []:spam@tylercipriani.com
A challenge password []:
tylercipriani_com.csr
and an
tylercipriani_com.key
xsel -p < tylercipriani_com.csr
then paste in the
“Enter CSR” fieldtylercipriani_com.zip
aws configure
to ensure that your awscli is
setupawscli iam upload-server-certificate \
--server-certificate-name tylercipriani_com_2015-11-24 \
--certificate-body file://tylercipriani_com.crt \
--private-key file://tylercipriani_com.key \
--certificate-chain file://tylercipriani_com.ca-bundle \
--path /cloudfront/
Posted