AWS CloudFront SSL Install

Using the Amazon CoudFront as a CDN is a great way to accelerate your website. If you run with HTTPS enabled, you will also want to reference the files you have hosted on CloudFront over HTTPS to avoid error messages from the web browser. You can install an SSL certificate of your own onto the CloudFront edge servers very easily by following the process below.

Prerequisite: Install the AWS CLI following these instructions

  1. Upload New Certificate and CA Bundle

    [root@www2 jross.org]# aws iam upload-server-certificate --path=/cloudfront/ --server-certificate-name jross.org-20150929 --certificate-body file://jross.org-20150929.crt --certificate-chain file://jross.org-20150929.ca-bundle --private-key file://jross.org-20150929.key
    

    The AWS API will repond with a JSON blob describing the new certificate that was installed.

    "ServerCertificateMetadata": {
        "ServerCertificateId": "ASCAIAL7ABZ47NPIXXDG6",
        "ServerCertificateName": "jross.org-20150929",
        "Expiration": "2016-10-12T23:59:59Z",
        "Path": "/cloudfront/",
        "Arn": "arn:aws:iam::116215659343:server-certificate/cloudfront/jross.org-20150929",
        "UploadDate": "2015-10-09T18:03:10.749Z"
    }
    
  2. Switch CloudFront to the NEW Certificate using the WebConsole. This will take a while to take effect as the certificate needs to propagate to all AWS CloudFront edge servers.