{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 手持菜刀,她持情操 的问题《Procedure to install HTTPS SSL on AWS elastic bean》','https://www.manongdao.com/q-665519.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have successfully installed self-certified SSL to make https works on AWS linux EC2. I then try it on elastic beanstalk in autoscaling and load balancing environment. But I failed. The procedure I did was first to start a new elastic beanstalk application. I gerenate prive key and self-certified public key of SSL certificate in the same way as I successfully did for EC2. What is different is that I use upload-server-certificate to upload the security certificate to IAM so that load balancer can reconize it.
aws iam upload-server-certificate --server-certificate-name mydomainname_SC --certificate-body file://server.crt --private-key file://privatekey.pem
then I verify the certificate without problem using this command
aws iam get-server-certificate --server-certificate-name mydomainname_SC
After this, on th beanstlak console I set the security group of the EC2 of the beanstalk to http 80, https 443 open to everybody. And then I went to elastic beanstalk console to select configure, then select load balancing to open listeners for http 80, https 443, and specify SSL certificate ID as mydomianname_SC. Then I did a "service httpd restart" on the beanstalk EC2 instance. The result was http worked but https failed.
The difference between installing SSL certifcate on single EC2 instance and elastic beanstalk is in beanstalk we need to upload the certificate to IAM but in single EC2 I add the "SSLEngine on" in https.conf file such as
NameVirtualHost *:443
<VirtualHost *:443>
ServerName ec2_ip_address:443
# other configurations
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl/privatekey.key
</VirtualHost>
Since https failed in my beanstalk configuration, I then add the above VirtualHost command to the /etc/httpd/conf/httpd.conf file on the elastic beanstalk EC2 instance. After adding this, I did "service httpd restart" and the result was both https and http failed. I then modify the httpd.conf as
NameVirtualHost *:443
<VirtualHost *:443>
ServerName ec2_ip_address:443
# other configurations
SSLEngine on
</VirtualHost>
or simply one line such as
SSLEngine on
But for the above two cases, http and httpd both failed. It seemed that the change in httpd.conf messed up http too. I then discovered that there is no "ssl.conf" file in the EC2 instance of elastic beanstalk. My question is do we need to install mod_ssl on the EC2 of elastic beanstalk? I did try to install mod_ssl on the EC2 instance of elastic beanstalk but failed with error message:
Error: httpd24 conflicts with httpd-2.2.27-1.2.amzn1.x86_64
Error: httpd24-tools conflicts with httpd-tools-2.2.27-1.2.amzn1.x86_64
Do we need to install mod_ssl on EC2 of elasstic beanstalk ?
What was the problem with the above practice to turn on HTTPS of elastic beanstalk?