
Enabling SSL For AWS EC2 Instances

1. The steps taken to add HTTPS support to a CV site hosted on an AWS EC2 instance are described. This involved opening port 443 in the security group, installing the mod_ssl module, generating a self-signed certificate, enabling the EPEL repository for Certbot dependencies, modifying the Apache configuration, and running Certbot to automatically configure HTTPS. 2. Certbot was used to obtain an SSL/TLS certificate, configure Apache for HTTPS, and redirect HTTP traffic to HTTPS. Some configuration steps like providing an email address, accepting terms, and choosing common names were required. 3. After running Certbot, the CV site could be accessed over HTTPS without certificate errors.

Uploaded by

Fernan Enad

IS 238 Week 8 Activity

A16: Support HTTPS


The following are the steps which were undertaken to support HTTPS on my CV site.
1. I connected to my AWS Console via AWS Educate.
2. I went to EC2 Services and looked for the Security Groups option at the left side. After
clicking on the is238-instance group name, I further clicked on the Inbound tab at the
bottom and then clicked on the Edit button launching the Edit Inbound Rules dialog
box. From there, I added the HTTPS Rule so my instance will accept connections on
Port 443, after which, I clicked on the Save button to finalize the action.
3. I went ahead and connected to my EC2 instance via a Linux terminal by invoking the
$ ssh -i is238-a10.pem [email protected] command.
4. I then added the TLS support by installing the Apache module mod_ssl by running the
$ sudo yum install -y mod_ssl command.
5. For testing purposes, I generated a self-signed dummy certificate and key by navigating
to the /etc/pki/tls/certs directory and running the $ sudo ./make-dummy-cert
localhost.crt command.
6. Invoking the previous command has also updated the /etc/httpd/conf.d/ssl.conf file, but
since the dummy certificate already contains the key, I had to manually edit the latter
file and comment out the SSLCertificateKeyFile
/etc/pki/tls/private/localhost.key directive.
7. After restarting Apache by using the $ sudo systemctl restart httpd command, I
then tried to access my CV site, at which point I was shown the Invalid Certificate
prompt, but I bypassed it and loaded the site anyway.
8. After all the previous steps were undertaken, I went ahead and downloaded the Extra
Packages for Enterprise Linux (EPEL) 7 repository packages as these are required to
supply dependencies needed by Certbot. In order to do this, I navigated first to my
home directory (/home/ec2-user) and invoked the $ sudo wget -r --no-parent -A
'epel-release-*.rpm'
http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/ command.
9. After all the EPEL packages have been downloaded, I went ahead and installed them by
running the $ sudo rpm -Uvh
dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm
command.
10. Since it is necessary to enable EPEL, I then invoked the
$ sudo yum-config-manager --enable epel* command and confirmed its activation by
running the $ sudo yum repolist all command.
11. I then modified the Apache configuration file at /etc/httpd/conf/httpd.conf by adding
the following lines after the "Listen 80" directive, saving the file thereafter and
restarting Apache by running the $ sudo systemctl restart httpd command for the
changes to take effect.
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName "fernandoenad.tk"
    ServerAlias "www.fernandoenad.tk"
</VirtualHost>
12. I then installed the Certbot packages and dependencies by running the $ sudo yum
install -y certbot python2-certbot-apache command and ran it thereafter using
the $ sudo certbot command.
13. The terminal then prompted me to input an email address to be used for urgent
renewal and security notices. After inputting [email protected] for the email, I then
pressed the enter key.
14. The terminal then prompted me to accept the Terms of Service, so I went ahead
and responded “A” (for Accept) and hit the Enter key thereafter. It was then followed
by another prompt to include me in the mailing list, to which I responded “Y” (for Yes)
and then hit the Enter key.
15. Certbot then displayed the Common Name and Subject Alternative Name that I
provided in the VirtualHost block when I updated the /etc/httpd/conf/httpd.conf file. It
prompted me to select which of them the HTTPS service should be activated for. I
immediately hit the Enter key to select both entries instead of just selecting one.
16. All that followed were automated actions such as obtaining a new certificate, performing
challenges, waiting for verifications, cleaning up challenges, creating the SSL vhost,
deploying the certificate for the Common Name, enabling the site, and deploying the
certificate for the Subject Alternative Name. I was then prompted whether to redirect
the HTTP traffic to HTTPS, to which I eagerly responded with “1” which means I want to
keep the HTTP access.
17. Certbot then completed the configuration of Apache and further reported the success
of the action.
18. I then went ahead and tried accessing my CV site using HTTPS and it loaded without
any certificate error prompts.
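
Added example (not part of the original report): a small shell audit for two leftovers this procedure can leave behind, namely the dummy localhost.crt from step 5 still being the active SSLCertificateFile, and a port-80 VirtualHost that keeps serving content without a redirect to HTTPS (the choice made at the prompt in step 16). The function names, the sample configs and the cv.example.test hostname are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original report. audit_httpd_conf and
# write_samples are hypothetical helper names; the sample configs are constructed.

# Print one finding per line for the Apache config files given as arguments.
audit_httpd_conf() {
  awk '
    /^[ \t]*#/ { next }                      # commented-out directives are inactive
    { d = tolower($1) }
    # Step 5 leftover: the make-dummy-cert file is still the active certificate.
    d == "sslcertificatefile" && $2 ~ /localhost\.crt"?$/ {
      print "DUMMY_CERT " FILENAME ": " $2
    }
    d ~ /^<virtualhost/ { p80 = ($2 ~ /:80>$/); redir = 0; name = "(no ServerName)" }
    d == "servername"   { name = $2; gsub(/"/, "", name) }
    (d == "redirect" || d == "rewriterule") && /https:\/\// { redir = 1 }
    # Port-80 vhost that still serves content instead of sending clients to HTTPS.
    d == "</virtualhost>" { if (p80 && !redir) print "NO_REDIRECT " FILENAME ": " name; p80 = 0 }
  ' "$@"
}

# Constructed sample configs (not the real files from the instance).
write_samples() {
  cat > "$1/ssl.conf" <<'EOF'
<VirtualHost _default_:443>
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
EOF
  cat > "$1/httpd.conf" <<'EOF'
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName "cv.example.test"
</VirtualHost>
EOF
  cat > "$1/httpd-redirect.conf" <<'EOF'
<VirtualHost *:80>
ServerName "cv.example.test"
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_httpd_conf "$tmp"/*.conf
rm -rf "$tmp"
```

On a real instance the function would be pointed at /etc/httpd/conf/httpd.conf and the files under /etc/httpd/conf.d/; an empty result means neither leftover was found.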
