Amazon Web Services (AWS)

Generate CSR for AWS – HTTPS Load Balancers

Description:
Generating a Certificate Signing Request (CSR) file for Amazon Web Services’ (AWS) HTTPS Load Balancers requires the use of OpenSSL.

Note: To check whether OpenSSL is already installed, run the command “openssl version” without the quotation marks. If OpenSSL is not installed, you must install it.

Step 1: Generate the Private Key

  1. Using the Linux instance, run the following command to create the Private Key file.

    Note: A key length of 2048 bits or higher is required.

    openssl genrsa -out yourprivatekey_filename.key 2048

    Note: The Private Key should be generated without a pass phrase/password, so make sure to save it in a safe location on your end; it will be required when installing the certificate.

Step 2: Generate the CSR

  1. Run the following command to generate a CSR file based off the Private Key file that was created from Step 1 above.

    Note: You will be asked for the Private Key’s pass phrase when running this command only if the key was created with one; the key generated in Step 1 above has no pass phrase.

    openssl req -new -key yourprivatekey_filename.key -out yourcsr_filename.csr

  2. Enter the Distinguished Name (DN) Fields:
    • Country Name: Enter the two-letter code of the Country where your organization is registered. Example: US.
    • State/Province: Enter the full name of State/province where your company is registered.
    • Locality/City: Enter the full name of the city/locality where your company is registered.
    • Company/Organization: Enter the full legal name of your company.
    • Organizational Unit: Enter the department of your company such as IT, HR etc.
    • Common Name: Enter the fully qualified domain name for which the SSL will be activated (www.yourdomain.com or yourdomain.com).

      Note: If you are generating a CSR for a Wildcard certificate, you should enter the common name starting with an asterisk and period (e.g., *.yourdomain.com).

    • Email Address: Do not enter an email address. Leave this field blank and press Enter on the keyboard to skip this field.

Step 3: Extra Attribute Fields

  • Challenge password: Do not enter a Challenge password. Leave this field blank and press Enter on the keyboard to skip this field.
  • An optional company name: Do not enter an optional company name. Leave this field blank and press Enter on the keyboard to skip this field.

Step 4: Two files are generated

.CSR and .key

  • Open the .csr file you created with a text editor.
  • Copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it into the SSL configuration page.

Step 5: Save Private Key

  • Save (back up) the generated .key file in a safe location on your end. You will need it later when installing the certificate on your server.
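
Steps 1 to 3 above without the interactive prompts, followed by checks to run before pasting the CSR, as an added example that is not part of the original page. The function names (gen_csr, csr_bits, check_csr), the file names and the example.com subject values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: Steps 1-3 without prompts, then checks before submitting the CSR.
# File names and the example.com subject are placeholders (assumptions).

# gen_csr KEYFILE CSRFILE SUBJECT
gen_csr() {
    # umask 077 in a subshell: the unencrypted key is created owner-readable only.
    ( umask 077 && openssl genrsa -out "$1" 2048 2>/dev/null ) || return 1
    # -subj supplies the Step 2 DN fields; email and challenge password stay unset.
    openssl req -new -key "$1" -out "$2" -subj "$3"
}

# csr_bits CSRFILE: prints the size in bits of the public key stored in the CSR.
csr_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# check_csr KEYFILE CSRFILE: succeeds only if the CSR self-signature verifies,
# the key is at least 2048 bits, and the CSR carries KEYFILE's public key.
check_csr() {
    # Match the message text: some OpenSSL releases exit 0 on a failed -verify.
    openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    [ "$(csr_bits "$2")" -ge 2048 ] || return 1
    [ "$(openssl req -in "$2" -noout -pubkey)" = \
      "$(openssl pkey -in "$1" -pubout)" ]
}

# Demo in a scratch directory, removed afterwards (constructed values).
demo_dir=$(mktemp -d)
gen_csr "$demo_dir/example.key" "$demo_dir/example.csr" \
    "/C=US/ST=California/L=San Francisco/O=Example Inc/OU=IT/CN=www.example.com" &&
    check_csr "$demo_dir/example.key" "$demo_dir/example.csr" &&
    echo "CSR matches key and is ready to submit"
rm -rf "$demo_dir"
```

The public key comparison catches the common mistake of submitting a CSR and later trying to install the issued certificate with a different .key file.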