Knowledge Base

Creating a CSR and installing your SSL certificate for Amazon Web Services (AWS)

Use the instructions on this page to use OpenSSL to create your certificate signing request (CSR) and then upload and implement your SSL certificate in your AWS instance.

1. To create your CSR, see OpenSSL: How to Create Your CSR.

2. To install your SSL certificate, see AWS: How to Install Your SSL Certificate.

If you are looking for a simpler way to create CSRs, install, and manage your SSL certificates, we recommend using the DigiCert Certificate Utility for Windows. You can use the DigiCert Utility to generate your CSR and install your SSL certificate. See Amazon Web Services: SSL Certificate CSR Creation.

OpenSSL | How to Create Your CSR

Use the instructions below for using OpenSSL to create your shell commands for generating your Amazon Web Services (AWS) CSR.

Recommended: Save yourself some time. Use the DigiCert OpenSSL CSR Wizard to generate an OpenSSL command for creating your AWS CSR. Just fill in the form details, click Generate, and paste your customized OpenSSL command into your terminal.

How to Generate a CSR for AWS Using OpenSSL

If you prefer, you can build your shell commands for generating your AWS CSR.

1. Use your terminal client (ssh) to log into your server/workstation.

2. At the prompt, enter the following command:

   Note: Make sure to replace server with the name of your server/workstation.

   openssl req –new –newkey rsa:2048 –nodes –keyout server.key –out server.csr

3. You have now started the process for generating the following two files:

   • Private-Key File – For the decryption of your SSL certificate
   • CSR File – For ordering your SSL certificate

4. When prompted for the Common Name (domain name), type the fully qualified domain name (FQDN) for the site that you are going to secure.

   Note: If generating an AWS CSR for a DigiCert Wildcard SSL Certificate, the common name should begin with an asterisk (e.g., *.example.com).

5. When prompted, type your organizational information, beginning with your geographic information.

   Note: You may have already set up default information.

6. Open the .csr file that you created with a text editor.

7. Copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it into the DigiCert order form.

8. Save the (back up) the generated .key file. You need it later when installing your SSL certificate.

9. After receiving your SSL certificate from DigiCert, you can install it.
    

AWS | How to Install Your SSL Certificate

1. Copy the Certificate File to Your Server/Workstation

   Download your Intermediate (DigiCertCA.crt) and Primary Certificate (your_domain_name.crt) files from your DigiCert account, then copy them to the directory on your server/workstation where you will keep your certificate and key files. Make them readable by the root only.

2. Upload Your SSL Certificate

   Next, you need to upload the certificate files (your_domain_com.key, your_domain_com.crt, and DigiCertCA.crt) to your AWS account.

3. Implement Your SSL Certificate

   To implement your SSL certificate for your instance of AWS, consult the AWS Documentation.

   Note: Because all instances of Amazon Web Services (AWS) are unique, it is best to consult the Amazon documentation for instructions on how to install and configure your SSL certificate for your AWS instance.

Test Installation

If your website is publicly accessible, our DigiCert® SSL Installation Diagnostic Tool can help you diagnose common problems.