Installing SSL Certificates on Amazon Web Services (AWS)
Updated: 2026-01-28 07:40:35 Viewed times: 610
Choose one of the following two installation methods:
**Upload Certificate via Management Console**
Since you have already downloaded the certificate files, please follow the steps below to install them on your EC2 instance. In summary, you need to upload the certificate files to IAM and assign the certificate to your EC2 load balancer instance.
1. Log in to your AWS Management Console and navigate to the EC2 console.
2. Go to the EC2 console.
3. Under the "Network & Security" section, select "Load Balancers".
4. Choose the load balancer to which you want to assign the certificate.
5. Go to the "Listeners" tab, click "Edit", then click "Add". Select "HTTPS" as the protocol. Next, under SSL Certificate, choose "Change", then click "Upload a new certificate to AWS Identity and Access Management (IAM)".
6. Now enter your certificate details: This includes the certificate name, your private key (private.key), the main certificate file (certificate.crt), and the certificate chain (ca_chain.crt) by pasting the file contents into the specified fields.
7. Finally, click "Save".
**Upload Certificate via CLI**
Alternatively, you can also use the AWS Command Line Interface (CLI) to upload the certificate files to IAM. To upload the certificate files to an EC2 instance using the AWS CLI, follow the steps below.
Please note that for the upload process, you may need to rename the .crt files to .pem.
You can use the following command to upload the certificate files to IAM:
aws iam upload-server-certificate --server-certificate-name certificate_object_name --certificate-body file://certificate.crt --private-key file://private.key --certificate-chain file://ca_bundle.crt
The `certificate_object_name` parameter above can be used to give a name to your certificate object. Also note that when specifying a file as a parameter (such as certificate-body), you must include `file://`.
**IAM Upload Standards**
When uploading certificate files, IAM verifies that the following standards are met:
- The certificate files (certificate.csr and ca_bundle.crt) must be in X.509 PEM format.
- The current date must be between the certificate issuance and expiration dates.
- The certificate and private key files should contain only a single item, not multiple items.
- The private key must match the certificate.
- The private key must start with `-----BEGIN RSA PRIVATE KEY-----` and end with `-----END RSA PRIVATE KEY-----`.
- The private key must be encrypted with a password.
**Verify Installation**
You have completed all the necessary steps to install the SSL certificate. To check whether your certificate has been properly installed, simply try accessing your domain using HTTPS, for example: `https://domain.com`.