Installing a wildcard domain SSL certificate on Amazon AWS EC2 Ubuntu

I recently needed to add a wildcard SSL certificate, purchased from Network Solutions, to an AWS EC2 instance running Ubuntu 12.04. Here are the steps I followed:

First, unzip the archive that Network Solutions provides into your home directory. Mine is at /home/ubuntu/certificates and contains these files:

  • AddTrustExternalCARoot.crt
  • OV_NetworkSolutionsOVServerCA2.crt
  • OV_USERTrustRSACertificationAuthority.crt
  • STAR.MYWEBSITE.COM.crt

You will use all of the above files EXCEPT AddTrustExternalCARoot.crt. It is a legacy file for use in circumstances (for example, an intranet) where very old legacy browsers are used. That is not my use case, so I’m not going to delve further into this.

Next, copy your private key (the one used when generating the certificate request that you supplied to Network Solutions so they could generate your certificate) into place:

Concatenate two CRT files together, and put them into a new file in the Apache SSL directory:

then

For each of your enabled vhosts, add a new VirtualHost directive for port 80 that redirects all incoming port 80 traffic to https. Then change the original VirtualHost directive to respond on 443, and declare the paths to your SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile:

 

If you are going to have multiple virtual hosts running on port 443, you’ll want to avoid triggering this error:

To do so, edit the /etc/apache2/ports.conf:

Then, find the IfModule mod_ssl.c block, and change it to match:

 

Next edit /etc/apache2/sites-available/default-ssl and change the line:

to

Test that your edits are syntactically correct and that your SSL cert files are found:

You should get a “Syntax OK” response, at which point you can reload your Apache configuration:

Now, visit your website using https to confirm!
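A check worth running before the reload step, as an added example that is not part of the original post: it confirms that the private key belongs to the certificate, that the key file is not readable by group or others, and that the certificate is not about to expire. The function names, the 30-day threshold and the `*.example.test` demo name are assumptions; pass your own certificate and key paths as the two arguments.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run before reloading Apache.

# Succeeds when the certificate's public key equals the one derived from the private key.
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when neither group nor others have any permission bit on the key file.
key_is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds when the certificate is still valid N days from now (default 30, an assumption).
cert_not_expiring() {
  openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Runs all checks and reports each failure; returns non-zero if any check fails.
preflight() {
  rc=0
  cert_matches_key "$1" "$2" || { echo "FAIL: $2 is not the key for $1"; rc=1; }
  key_is_private "$2"        || { echo "FAIL: $2 is readable by group/others"; rc=1; }
  cert_not_expiring "$1"     || { echo "FAIL: $1 expires within 30 days"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: $1 and $2 pass"
  return "$rc"
}

# Constructed sample input: throwaway key and self-signed wildcard cert (placeholder name).
make_demo_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "${2:-90}" -subj "/CN=*.example.test" \
    -keyout "$1/demo.key" -out "$1/demo.crt" >/dev/null 2>&1 && chmod 600 "$1/demo.key"
}

# With two arguments, check real files; with none, run against the constructed pair.
if [ "$#" -eq 2 ]; then
  preflight "$1" "$2"
else
  demo=$(mktemp -d) && make_demo_pair "$demo" && preflight "$demo/demo.crt" "$demo/demo.key"
  rm -rf "$demo"
fi
```

The Apache syntax test covers the configuration files; this script looks at the certificate and key themselves.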
