Use the instructions on this page to use OpenSSL to create your certificate signing request (CSR) and then upload and implement your SSL certificate in your AWS instance.
To create your CSR, see OpenSSL: How to Create Your CSR.
To install your SSL certificate, see AWS: How to Install Your SSL Certificate.
If you are looking for a simpler way to create CSRs, install, and manage your SSL certificates, we recommend using the DigiCert Certificate Utility for Windows. You can use the DigiCert Utility to generate your CSR and install your SSL certificate. See Amazon Web Services: SSL Certificate CSR Creation.
Use the instructions below for using OpenSSL to create your shell commands for generating your Amazon Web Services (AWS) CSR.
How to Generate a CSR for AWS Using OpenSSL
If you prefer, you can build your shell commands for generating your AWS CSR.
Use your terminal client (ssh) to log into your server/workstation.
At the prompt, enter the following command:
openssl req –new –newkey rsa:2048 –nodes –keyout server.key –out server.csr
You have now started the process for generating the following two files:
When prompted for the Common Name (domain name), type the fully qualified domain name (FQDN) for the site that you are going to secure.
When prompted, type your organizational information, beginning with your geographic information.
Open the .csr file that you created with a text editor.
Copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it into the DigiCert order form.
Save the (back up) the generated .key file. You need it later when installing your SSL certificate.
After receiving your SSL certificate from DigiCert, you can install it.
Copy the Certificate File to Your Server/Workstation
Download your Intermediate (DigiCertCA.crt) and Primary Certificate (your_domain_name.crt) files from your DigiCert account, then copy them to the directory on your server/workstation where you will keep your certificate and key files. Make them readable by the root only.
Upload Your SSL Certificate
Next, you need to upload the certificate files (your_domain_com.key, your_domain_com.crt, and DigiCertCA.crt) to your AWS account.
Implement Your SSL Certificate
To implement your SSL certificate for your instance of AWS, consult the AWS Documentation.
If your website is publicly accessible, our DigiCert® SSL Installation Diagnostic Tool can help you diagnose common problems.