Installing GoDaddy SSL on an EC2 Ubuntu Instance in AWS

If you have sensitive data on your site, you may want to install an SSL Certificate to make it more secure. Here is a brief tutorial being on AWS EC2 Ubuntu instance on how to set it up.

My server settings are Apache2 and Ubuntu 9.x


1. Login to ssh/terminal on your server
2. Enable SSL for WebServer(Apache2)

sudo a2enmod ssl

3. Create the server SSL Key

sudo bash

On Ubuntu this changes you to the root user as you cannot access the directory on the next step.

cd /etc/ssl/private

openssl genrsa -des3 -out myserver.com.key 2048

Make sure its 2048 and not 1024 bit as this would be required later on GoDaddy.
Enter keyphrase

5. Create the CSR (Certificate Service Request) to be entered on GoDaddy

openssl req -new -key myserver.com.key -out myserver.com.csr

Upon enter it will ask you for several things but make sure that under Common Name you put your website url (myserver.com). (GoDaddy will throw an error if it is not a correct website)

6. View the CSR and Copy. Paste it later to your GoDaddy SSL Certificate Management

7. On GoDaddy SSL Certificate Management make a Request and choose Third Party, Web Server no Control Panel. And Paste the CSR code.

a. Upon Submit you would get the approval. It would check that your domain registry and administrative contacts to verify.
b. If it cannot be verified via the domain registry, you will be emailed a code that you need to create as a file and upload to your server instead.

8. Install your certificate gd_bundle.crt and myserver.com.crt to your server. Upload them to the server and install. Back to shell

mv gd_bundle.crt /etc/ssl/gd_bundle.crt
mv myserver.com.crt /etc/ssl/certs/myserver.com.crt

9. Edit the default Apache2 values at /etc/apache2/sites-available/default. Create a new virtualhost

NameVirtualHost *:443

DocumentRoot /var/www/
SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/ssl/certs/myserver.com.crt
SSLCertificateKeyFile /etc/ssl/private/myserver.com.key
SSLCertificateChainFile /etc/ssl/gd_bundle.crt

10. Make sure Apache2 to listen on port 443, edit the /etc/apache2/ports.conf
Under


Listen 443

10. Restart Apache

/etc/init.d/apache2 restart

If all went well you should be able to access https

For EC2 make sure Port 443 is enabled as well on the AWS Console

11. Then to force redirect users to https create an htaccess file and upload to your root www folder

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.myserver.com/$1 [R,L]

Post Author: lopau

8 thoughts on “Installing GoDaddy SSL on an EC2 Ubuntu Instance in AWS

    Scottie Kain

    (March 15, 2012 - 10:14 pm)

    This article provides a great historical perspective of what can go wrong in a cloud deployment leveraging highly publicized case studies. Great research in putting this post together. 

    Josh

    (August 29, 2012 - 9:05 pm)

    Thanks.

    Please change “Ssudo a2enmod SSL” to “sudo a2enmod ssl”

    lopau

    (August 29, 2012 - 10:32 pm)

    thanks for pointing that out Josh, modified. Note that its case sensitive.

    Mahmoud

    (December 24, 2012 - 7:37 am)

    I have a question: What if I only have a subdomain of amazon (or azure, or any hosting service) and I want to secure it? Would the single domain certificate work?

    lopau

    (December 24, 2012 - 9:22 am)

    as far as I know, it should secure it. As certificates are issued on top level domain, subdomains should be covered.

    Matt

    (January 9, 2013 - 1:05 pm)

    Loved the instructions. i followed it to the t and it worked perfect.

    Shalvika

    (May 21, 2013 - 1:32 am)

    Thanks so much for this post! I had everything right but still it wasn’t working and I was tired of having scrapped through every possible website. What I didn’t realize was happening was the ‘Listen’ on port update. I thought that since the module was loaded , it should take that configuration. Most of the documentation just mentioned updating the NamedVirtualHost. Anyway, thanks a ton for this post!

    Install Godaddy SSL Cert - Spigeo

    (July 10, 2013 - 7:28 pm)

    […] Used this guide to install SSL for Ubuntu 10: http://blog.lopau.com/installing-godaddy-ssl-on-an-ec2-ubuntu-instance-in-aws/ […]

Leave a Reply

Your email address will not be published. Required fields are marked *