Step by Step guide to install SSL in AWS ELB

SSL Installation in AWS ELB

Generate Private Key:

Generate a CSR in Microsoft IIS

1. Click Start, then Administrative Tools, then Internet Information Services (IIS) Manager.
2. Click on the server name.
3. From the center menu, double-click the “Server Certificates” button in the “Security” section (it is near the
bottom of the menu). 


4.  Next, from the “Actions” menu (on the right), click on “Create Certificate Request.” This will open the Request Certificate wizard.








  1. In the “Distinguished Name Properties” window, enter the information as follows:
  1. Common Name– The name through which the certificate will be accessed (usually the fully-qualified domain name, e.g., or
  2. Organization– The legally registered name of your organization/company.
  3. Organizational unit– The name of your department within the organization (frequently this entry will be listed as “IT,” “Web Security,” or is simply left blank).
  4. City/locality– The city in which your organization is located.
  5. State/province– The state in which your organization is located.








6. Click Next.
7. In the “Cryptographic Service Provider Properties” window, leave both the settings at their defaults (Microsoft RSA SChannel and 2048) and then click next.








8. Enter a filename for your CSR file. 

9. Remember the filename that you choose and the location to which you save it. You will need to open this file as a text file and copy the entire body of it (including the Begin and End Certificate Request tags) into the online order process when prompted.


Back Up Private Key

To back up a private key on Microsoft IIS 7.0 follow these instructions:

1. From your server, go to Start > Run and enter mmc in the text box. Click on the OK button.
2. From the Microsoft Management Console (MMC) menu bar, select Console > Add/Remove Snap-in.
3. Click on the Add button. Select Certificates from the list of snap-ins and then click on the Add button.


4. Select the Computer account option. Click on the Next button.

5. Select the Local computer (the computer this console is running on) option. Click on the Finish button.
6. Click on the Close button on the snap-in list window. Click on the OK button on the Add/Remove Snap-in window.
7. Click on Certificates from the left pane. Look for a folder called REQUEST or “Certificate Enrolment Request> Certificates


 8. Select the private key that you wish to backup. Right click on the file and choose > All Tasks > Export 


9. The certificate export wizard will start, please click Next to continue. In the next window select Yes, export the private key and click Next 

10. Leave the default settings selected and click Next.


11. Set a password on the private key backup file and click Next 
12.  Click on Browse and select a location where you want to save the private key Backup file to and then click Next  to continue. By default the file will be saved with a .pfx extension.
13. Click Finish, to complete the export process

Convert to RSA Private Key Format

The private key is backed up as a ‘.pfx’ file, which stands for Personal Information Exchange.

To convert it to RSA Private Key format supported by inSync:

  1. Download and install latest version of OpenSSL for windows
  2. Open the command prompt and run the following commands
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
openssl rsa -in key.pem -out myserver.key

3. The private key will be saved as ‘myserver.key’.

4. Carefully protect the private key. Be sure to back up the private key, as there is no means to recover it, should it be lost.

Configure SSL in ELB

Select the desired load balancer from the list of available load balancers list in load balancer dashboard.

Click on “Listeners” tab of load balancer details page.

Click on Edit button in Listeners tab section to add HTTPS listener.









Click on Add button to add new listener (HTTPS).

Select protocol and port as shown in above screen shot.

Click on Change link for Cipher changes.







Select “Predefined Security Policy”. Make sure TLSv1 is disabled.

Click on Save.

Click on Change in “SSL Certificate”.







Select “Upload a new SSL Certificate” for Certificate Type.

Fill the following details.

  1. Certificate Name: Name of the certificate
  2. Private Key: RSA key generated in the above steps.
  3. Public Key Certificate: Received public key from SSL provider.

Certificate Chain: Intermediate and chain certificate provided by SSL provider.

SSL installation in AWS ELB is complete.

Share this:

Leave a Reply

Your email address will not be published. Required fields are marked *