Bhuwan Upadhyay

Talks all about software engineering

Create and upload custom server certificate in AWS IAM

Introduction

How do you create a custom SSL certificate for your domain and upload it as a server certificate in AWS IAM?

This article shows how to create a custom SSL certificate for your domain, signed by your own CA, and upload it as a server certificate in AWS IAM.

Create setup directory

mkdir -p ~/customcerts
# Only clean up if the cd succeeded, so rm never runs in another directory
cd ~/customcerts && rm -rf -- ./*

Setup variables

SUBJECT="/C=CN/ST=GD/L=SZ/O=Acme, Inc."
DOMAIN_SUFFIX=example.com
CERTIFICATE_NAME=custom-loadbalancer-cert

Generate CA key & certificate

openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -subj "$SUBJECT/CN=Acme Root CA" -out ca.crt

Generate server key & certificate

openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "$SUBJECT/CN=*.$DOMAIN_SUFFIX" -out server.csr
openssl x509 -req -extfile <(printf "subjectAltName=DNS:*.$DOMAIN_SUFFIX,DNS:$DOMAIN_SUFFIX,DNS:www.$DOMAIN_SUFFIX") -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt

Delete IAM server certificate if exists

# Returns a NoSuchEntity error if the certificate does not exist; that is safe to ignore
aws iam delete-server-certificate --server-certificate-name "$CERTIFICATE_NAME"

Upload IAM server certificate

aws iam upload-server-certificate \
    --server-certificate-name "$CERTIFICATE_NAME" \
    --certificate-body file://server.crt \
    --private-key file://server.key
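
IAM expects an unencrypted PEM private key that matches the certificate, and a certificate that is currently valid, so it is worth checking the generated files before running the upload. The script below is an added example, not part of the original article; `preflight_check` is a hypothetical helper name, and the file names and `DOMAIN_SUFFIX` are assumed to be the ones used in the steps above.

```shell
#!/usr/bin/env bash
# Added example: pre-upload checks for server.crt / server.key / ca.crt.
# preflight_check is a hypothetical helper name, not an AWS or OpenSSL command.

preflight_check() {  # usage: preflight_check CERT KEY CA_CERT DOMAIN_SUFFIX
  cert=$1 key=$2 ca=$3 domain=$4 rc=0

  # 1. The server certificate must chain to the CA that signed it.
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
    { echo "FAIL: $cert does not verify against $ca"; rc=1; }

  # 2. The private key must be unencrypted and match the certificate.
  #    "-passin pass:" supplies an empty passphrase, so an encrypted key
  #    fails here instead of prompting.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)
  { [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; } ||
    { echo "FAIL: $key is encrypted or does not match $cert"; rc=1; }

  # 3. The wildcard and the bare domain must both be in subjectAltName.
  sans=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
         grep 'DNS:' | tr -d ' ' | tr ',' '\n')
  for name in "*.$domain" "$domain"; do
    printf '%s\n' "$sans" | grep -qxF "DNS:$name" ||
      { echo "FAIL: subjectAltName is missing $name"; rc=1; }
  done

  # 4. The certificate must be readable and still valid a day from now.
  openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null 2>&1 ||
    { echo "FAIL: $cert is unreadable or expires within 24 hours"; rc=1; }

  return "$rc"
}

# Run against the files from the steps above when they are present.
if [ -f server.crt ] && [ -f server.key ] && [ -f ca.crt ]; then
  preflight_check server.crt server.key ca.crt "${DOMAIN_SUFFIX:-example.com}" &&
    echo "OK: ready for aws iam upload-server-certificate"
fi
```

Run it from `~/customcerts` after the server certificate is generated; a non-zero exit status means at least one check failed and the upload should wait.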