Set up a Comodo PositiveSSL cert on AWS CloudFront
Buy a Comodo PositiveSSL cert via Namecheap
Inspect last year's CSR (to reuse the same subject fields; this reads the signing request, not the issued cert):
openssl req -noout -text -in tylercipriani_com.csr
Generate private key and signing request
Make a directory for this year's files first:
mkdir -p ~/Projects/Certs/com.tylercipriani/2015-11-24
cd ~/Projects/Certs/com.tylercipriani/2015-11-24
You can generate a new key as a separate step, or as part of the req command. To generate a new key manually use:
openssl genrsa -out /path/to/output.key 2048
To generate a new key as part of a signing request use:
openssl req -sha256 -new -newkey rsa:2048 -nodes -keyout /path/to/output.key -out /path/to/output.csr
(-nodes ensures the output key is not encrypted with a passphrase, which is what you want for a key that nginx or IAM will read unattended; protect it with file permissions, e.g. 0600, instead.)
Answer lots of questions:
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Colorado
Locality Name (eg, city) [Default City]:Longmont
Organization Name (eg, company) [Default Company Ltd]:Tyler Cipriani
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:tylercipriani.com
Email Address []:spam@tylercipriani.com
A challenge password []:
- What a challenge password is (leave it blank): https://tools.ietf.org/html/rfc2985#page-16
You should now have a tylercipriani_com.csr and a tylercipriani_com.key
Do the Namecheap needful:
- Log in to Namecheap and activate your certificate
- Copy the CSR to the clipboard:
xsel -p < tylercipriani_com.csr
  then paste it in the "Enter CSR" field
- Choose "Apache, Nginx, or Other" as the server type
- Verify the domain, click "Next"
- Verify CSR info, click "Next"
- Select "Email-based" Domain Control Validation (DCV) method
- Company contacts page: "NA" as company name, my address in address, tyler@tylercipriani.com in admin email
You'll get an email that asks you to enter a validation code on a Comodo site; do that.
You'll then get an email with tylercipriani_com.zip, which contains the issued cert (tylercipriani_com.crt) and the CA bundle (tylercipriani_com.ca-bundle).
Run
aws configure
to ensure that your awscli is set up, then use it to upload the cert, private key and chain to IAM. The --path must be /cloudfront/ or the certificate will not appear in the CloudFront dropdown:
aws iam upload-server-certificate \
  --server-certificate-name tylercipriani_com_2015-11-24 \
  --certificate-body file://tylercipriani_com.crt \
  --private-key file://tylercipriani_com.key \
  --certificate-chain file://tylercipriani_com.ca-bundle \
  --path /cloudfront/
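The whole procedure above (key and CSR generation, the checks worth running before handing the CSR to the CA and before uploading the issued cert to IAM, and the upload itself) as a script. This is an added example, not code from the original post; it assumes openssl is on PATH and, for the upload step only, a configured awscli. The function names, the SUBJ string (built from the interactive answers above) and the directory/name arguments are this example's own conventions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes openssl on PATH; the
# upload step additionally assumes a configured awscli with IAM permissions.
set -eu

# Subject fields as answered interactively above (assumed values).
SUBJ="/C=US/ST=Colorado/L=Longmont/O=Tyler Cipriani/CN=tylercipriani.com/emailAddress=spam@tylercipriani.com"

# Generate a 2048-bit RSA key and a SHA-256 CSR in one step, non-interactively.
# -nodes writes the key unencrypted (nginx and IAM cannot answer a passphrase
# prompt), so the umask keeps the file readable only by its owner.
gen_key_and_csr() {
  dir=$1; name=$2
  mkdir -p "$dir"
  (umask 077; openssl req -sha256 -new -newkey rsa:2048 -nodes -subj "$SUBJ" \
      -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null)
}

# SHA-256 over the PEM public key, so key, CSR and issued cert can be compared.
pubkey_fp_key() { openssl rsa -in "$1" -pubout 2>/dev/null | openssl sha256 | awk '{print $NF}'; }
pubkey_fp_csr() { openssl req -in "$1" -pubkey -noout | openssl sha256 | awk '{print $NF}'; }
pubkey_fp_crt() { openssl x509 -in "$1" -pubkey -noout | openssl sha256 | awk '{print $NF}'; }

# The CN the CA will validate (handles both the old "/CN=" and new "CN = " subject formats).
csr_cn() { openssl req -in "$1" -noout -subject | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'; }

# Before sending the CSR off: does it really carry this key's public half?
check_csr() {
  [ "$(pubkey_fp_key "$1")" = "$(pubkey_fp_csr "$2")" ] || { echo "CSR was not made from $1" >&2; return 1; }
  echo "CSR ok for CN=$(csr_cn "$2")"
}

# Before uploading: the issued cert must match the private key and must chain
# to the bundle the CA sent back, otherwise CloudFront serves a broken handshake.
check_bundle() {
  key=$1; crt=$2; chain=$3
  [ "$(pubkey_fp_key "$key")" = "$(pubkey_fp_crt "$crt")" ] || { echo "cert does not match $key" >&2; return 1; }
  openssl verify -CAfile "$chain" "$crt" >/dev/null 2>&1 || { echo "cert does not verify against $chain" >&2; return 1; }
}

# Upload to IAM under /cloudfront/, the only path CloudFront lists.
upload_to_iam() {
  name=$1; key=$2; crt=$3; chain=$4
  check_bundle "$key" "$crt" "$chain"
  aws iam upload-server-certificate \
    --server-certificate-name "$name" \
    --certificate-body "file://$crt" \
    --private-key "file://$key" \
    --certificate-chain "file://$chain" \
    --path /cloudfront/
}

# Two-phase CLI: "csr" now, "upload" once the zip from Comodo has been unpacked
# into the same directory. With no argument the script only defines functions.
case "${1:-}" in
  csr)    gen_key_and_csr "$2" "$3"; check_csr "$2/$3.key" "$2/$3.csr" ;;
  upload) upload_to_iam "$2" "$3/$4.key" "$3/$4.crt" "$3/$4.ca-bundle" ;;
esac
```

Usage: `sh certs.sh csr ~/Projects/Certs/com.tylercipriani/2015-11-24 tylercipriani_com` today, and `sh certs.sh upload tylercipriani_com_2015-11-24 ~/Projects/Certs/com.tylercipriani/2015-11-24 tylercipriani_com` after unpacking the zip into that directory. The public-key fingerprint comparison is what catches the classic mistake of pairing a freshly generated key with last year's CSR or cert, which IAM would otherwise reject or, worse, CloudFront would accept and then fail to handshake with.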
Log in to the AWS console, click CloudFront, open the distribution and go to Distribution Settings, click Edit, pick the new certificate name from the SSL Certificate dropdown and click "Yes, Edit".
Should work…