SSL Certificates

  • See also “Handling HTTPS requests and SSL certificates” on the Nginx page in this wiki.
  • SSL certificates are needed for HTTPS
  • You might need SSL certificates in your load balancer:
    • EBS load balancer, if you redirect from a forwarding server
      • NB: I originally thought that we needed it here in order to set up encrypted communication, but actually that wouldn’t be necessary if we were only proxying into here, because the encryption would be taken care of at the source of the proxying.
      • So, certificates were not needed at EBS until we changed the static nginx config (later replaced by a forwarding server) to do redirecting instead of proxying.
  • Summary: to change or update the SSL certificate, upload the new certificate file:
    • This should be done 2-3 days before the certificate expires.
    • SSL certificates first have to be acquired from the certificate provider; this will involve at least one actual file (possibly two? One for the certificate and one for the encryption key?)
    • In the AWS “Certificate Manager” service, click on “Re Import certificate” and import the new certificate for the “wildcard.caferouge.com” entry.
      • You can do this in advance of the certificate expiry.
      • First you will need details of the new certificate from your provider. You need the Certificate body and the Certificate private key.
      • The certificate is then imported by the load balancer (this is a one-off setup and does not need checking every time). To see these settings:
        • Select an environment in EBS
        • Select Configuration on the left
        • Load Balancing: click the cog, then check SSL certificate ID
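
A pre-import check, as an added example that is not part of the original wiki: before pasting the Certificate body and Certificate private key into the import form, confirm with the openssl CLI that the key belongs to the certificate and that the certificate is valid for the expected number of days. The function names, file names and the sample certificate are constructed for the demo.

```shell
#!/bin/sh
# Added example: pre-import checks for a renewed certificate (names are hypothetical).

# Returns 0 if the certificate in $1 is still valid $2 days from now, 1 otherwise.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Returns 0 if the private key in $2 belongs to the certificate in $1,
# by comparing the public key derived from each file.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample data: a 30-day self-signed certificate plus an unrelated key.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=wildcard.example.test" \
        -keyout "$1/new.key" -out "$1/new.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# preflight CERT KEY MIN_DAYS
# Returns 0 when the pair is consistent, 2 on key mismatch, 1 on short validity.
preflight() {
    if ! key_matches_cert "$1" "$2"; then
        echo "STOP: private key does not match certificate"; return 2
    fi
    if ! cert_valid_for_days "$1" "$3"; then
        echo "STOP: certificate expires within $3 days"; return 1
    fi
    echo "OK: key matches, certificate valid for at least $3 more days"
}

# Demo run on the constructed files.
dir=$(mktemp -d)
make_sample "$dir"
preflight "$dir/new.crt" "$dir/new.key" 3
preflight "$dir/new.crt" "$dir/other.key" 3 || true
rm -rf "$dir"
```

Running `cert_valid_for_days` against the certificate currently in use, with a small day count, also shows whether the renewal window has arrived.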