CloudFront Custom SSL certificates

March 5, 2014

All CloudFront distributions can be accessed through the domain name xxx.cloudfront.net. If you are using HTTP, you simply map your domain to xxx.cloudfront.net using a CNAME.

To serve secure content through your own domain, CloudFront now allows you to use custom SSL certificates. To get started, visit the URL below and fill in the form to request an invitation to use custom SSL certificates.

https://aws.amazon.com/cloudfront/custom-ssl-domains/

Once Amazon approves your request, you can upload a single SSL certificate to an IAM account, which can then be used to front the CloudFront distribution. Using a single custom SSL certificate for CloudFront is currently priced at 600 USD per certificate per month.

Pre-requisites

At this point you should have your signed SSL certificate ready.

Set up your IAM command line tools. You should have the following:

a) Public certificate – PEM encoded

b) Private key file – pass phrase removed

c) Certificate chain – PEM encoded

Step 1: Run the following command to upload the certificate files to your IAM account.

iam-servercertupload -s yourdomain.com.cert -b yourdomain.com.crt -k yourdomain.com.key -c yourdomain.com.ca -p /cloudfront/public

where

-s is any name for your certificate

-b is your public certificate

-k is your private key

-c is your intermediate certificate (the certificate chain)

-p is the path to store your CloudFront certificate. If your path does not begin with /cloudfront, then CloudFront won't be able to locate your certificate.
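
A pre-flight check for the three prerequisite files and the -p path described above, as an added example that is not part of the original post. The function name preflight and the owner-only permission check on the key are assumptions added here; the file names in the usage comment are the post's placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run before
# iam-servercertupload. The function name "preflight" is hypothetical.

# preflight CERT KEY CHAIN IAM_PATH -> returns 0 if every check passes, else 1.
preflight() {
    cert=$1 key=$2 chain=$3 iam_path=$4 rc=0

    # a) The public certificate must be PEM encoded.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null ||
        { echo "FAIL: $cert is not a PEM certificate" >&2; rc=1; }

    # b) The private key must be PEM encoded with the pass phrase removed.
    if ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null; then
        echo "FAIL: $key is not a PEM private key" >&2; rc=1
    elif grep -q -e 'BEGIN ENCRYPTED' -e 'Proc-Type: 4,ENCRYPTED' "$key"; then
        # Covers PKCS#8 encrypted keys and legacy encrypted PEM headers.
        echo "FAIL: $key still has a pass phrase" >&2; rc=1
    fi

    # Assumption added here: a key without a pass phrase should be readable
    # by its owner only (characters 5-10 of the ls mode string are group/other).
    mode=$(ls -ld "$key" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ] ||
        { echo "FAIL: $key is accessible to group or others; chmod 600" >&2; rc=1; }

    # c) The certificate chain must be PEM encoded.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$chain" 2>/dev/null ||
        { echo "FAIL: $chain is not a PEM certificate chain" >&2; rc=1; }

    # -p must begin with /cloudfront, or CloudFront cannot locate the certificate.
    case $iam_path in
        /cloudfront/*) ;;
        *) echo "FAIL: path $iam_path does not begin with /cloudfront/" >&2; rc=1 ;;
    esac

    return "$rc"
}

# Usage with the post's placeholder file names:
#   preflight yourdomain.com.crt yourdomain.com.key yourdomain.com.ca /cloudfront/public
```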

Step 2: Log in to the AWS Management Console and go to your Distribution -> Distribution Settings -> Edit.

Step 3: Select your new CloudFront certificate from the drop-down.


Step 4: Save the distribution settings.

Now you should be able to access the CloudFront content through your https domain name.


