How to install third-party SSL Certificate with AWS EC2 Instance (Ubuntu AMI)? Will it cost one-time or monthly basis?

huangapple go评论128阅读模式
英文:

How to install third-party SSL Certificate with AWS EC2 Instance (Ubuntu AMI)? Will it cost one-time or monthly basis?

问题

  1. 我已经从COMODO SSL Store购买了SSL证书。
  2. 我有一个AWS EC2实例,使用Ubuntu AMI。

我想在AWS上安装这个SSL证书,但无法使其工作。我只想将此证书用于我的网站'somewebsite.com',不需要负载均衡器或其他任何东西。

我找到了这个链接,但它包括负载均衡器,而我不需要
https://cheapsslsecurity.com/blog/install-ssl-certificate-on-amazon-web-services-aws/

我尝试了这个链接,但我认为这不是正确的方法。这个教程可能不适用于AWS,可能只适用于本地系统上的本地主机。
https://www.ssldragon.com/blog/how-to-install-an-ssl-certificate-for-localhost-xampp/

最后,我联系了COMODO,他们给了我这个教程
https://www.thesslstore.com/knowledgebase/ssl-install/amazon-web-services-ssl-installation/

然后我了解到了AWS证书管理器,但我无法确定是否会有额外的费用。我已经在支付COMODO了,我不想额外支付给Amazon获取证书。

我找到了几种在AWS EC2实例上安装第三方SSL证书的不同方法的教程,但无法使其工作,无法找到正确的方法,也无法确定该方法是否会额外收费。

如果能指导我走向正确的方向,我将不胜感激。

请帮助。

英文:
  1. I have purchased SSL Certificate from COMODO SSL Store.
  2. I have AWS EC2 Instance with Ubuntu AMI.

I want to install this SSL certificate on AWS but couldn't make it work. I just want to use this certificate with my website 'somewebsite.com' and nothing else like load balancer or something else.

I found this but it has load balancer which I dont want
https://cheapsslsecurity.com/blog/install-ssl-certificate-on-amazon-web-services-aws/

I tried this but I guess this is not the right way. This tutorial probably not for AWS, just for localhosts on local systems maybe.
https://www.ssldragon.com/blog/how-to-install-an-ssl-certificate-for-localhost-xampp/

Finally I contacted COMODO and they gave me this tutorial
https://www.thesslstore.com/knowledgebase/ssl-install/amazon-web-services-ssl-installation/

Then I came to know about AWS Certificate Manager but I couldn't make sure if this will attract any charges. I am already paying COMODO and I dont want to pay extra to Amazon for certificate.

I kind of find tutorials with 4-5 different ways to install third party SSL on AWS EC2 Instance but cant make it work, cant figure out the right way and cant make sure if that way will cost me extra or not.

Even pointing me in the right direction will be appreciated.

Please Help.

答案1

得分: 1

关于ACM发布的证书,您不能在没有负载均衡器的实例上使用它。

您可以在以下AWS服务中使用公共和私有ACM证书:
• Elastic Load Balancing - 请参阅Elastic Load Balancing文档
• Amazon CloudFront - 请参阅CloudFront文档
• Amazon API Gateway - 请参阅API Gateway文档
• AWS Elastic Beanstalk - 请参阅AWS Elastic Beanstalk文档

参考链接:
https://aws.amazon.com/certificate-manager/faqs/

您分享的链接中没有解释如何为没有负载均衡器的实例配置SSL,除了https://www.ssldragon.com/blog/how-to-install-an-ssl-certificate-for-localhost-xampp/。您必须使用真实的证书,而不是教程中显示的那个。

希望这有所帮助。

英文:

In regards to ACM issued certificates, you cannot use it with an instance without a load balancer.

> You can use public and private ACM certificates with the following AWS
> services: • Elastic Load Balancing – Refer to the Elastic Load
> Balancing documentation • Amazon CloudFront – Refer to the CloudFront
> documentation • Amazon API Gateway – Refer to the API Gateway
> documentation • AWS Elastic Beanstalk – Refer to the AWS Elastic
> Beanstalk documentation

Reference:
https://aws.amazon.com/certificate-manager/faqs/

None of the links you shared explains how to configure ssl for an instance without load balancer, except https://www.ssldragon.com/blog/how-to-install-an-ssl-certificate-for-localhost-xampp/. you have to use your real certificate instead of the one showed in the tutorial.

Hope this helps.

答案2

得分: 1

你可以通过上传你的COMODO证书来使用Amazon证书管理器。然而,ACM证书只能被Elastic Load Balancers、Cloudfront和一些其他AWS服务使用(而不能用于EC2)。

你需要查看关于在Ubuntu上安装证书的说明。

如果你使用apache2软件包,你可以将证书复制到/etc/ssl/certs,并将密钥复制到/etc/ssl/private,然后编辑/etc/apache2/sites-available/default-ssl.conf,搜索"SSLCertificate"并修改以下行(将它们修改为与你上传的COMODO证书和密钥的名称和路径相匹配):

SSLCertificateFile /etc/ssl/certs/comodo-cert.pem
SSLCertificateKeyFile /etc/ssl/private/comodo-key.pem

启用SSL配置,然后重新启动web服务器。

ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/
apachectl configtest
apachectl graceful

如果你使用nginx,我不具备提供说明的资格。但是,快速搜索在Ubuntu上安装SSL证书的方法应该能帮助你。

英文:

You can use Amazon Certificate Manager by uploading your COMODO cert. However, ACM certs can only be used by Elastic Load Balancers, Cloudfront, and a few other AWS services (and NOT EC2).

You will want to look into the instructions for just installing the certificate on Ubuntu.

If you're using the apache2 package, you can copy the certificate to /etc/ssl/certs and copy the key to /etc/ssl/private, then edit /etc/apache2/sites-available/default-ssl.conf search for "SSLCertificate" and change the following lines (modify them to match the name and path of the comodo cert and key you uploaded):

SSLCertificateFile /etc/ssl/certs/comodo-cert.pem
SSLCertificateKeyFile /etc/ssl/private/comodo-key.pem

Enable the SSL configuration, and restart the webserver.

ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/
apachectl configtest
apachectl graceful

If you're using nginx, I'm not qualified to provide instructions. But a quick search for installing SSL cert on Nginx on Ubuntu ought to set you straight.

huangapple
  • 本文由 发表于 2020年1月3日 23:19:09
  • 转载请务必保留本文链接:https://go.coder-hub.com/59581061.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定