Create and Manage SSL Certificates with AWS Certificate Manager

Hands-On Lab

 

Trent Hayes, Training Architect

Length: 00:30:00

Difficulty: Intermediate

Welcome to this hands-on lab for AWS Certificate Manager (ACM). ACM handles the complexity of creating and managing SSL certificates for your web applications, and the public certificates it provides are free. A listener on your load balancer can use encrypted connections (also known as SSL offload), which encrypts traffic between the load balancer and the clients that initiate SSL sessions. To use an HTTPS listener, you must deploy a certificate on your load balancer. The load balancer uses this certificate to terminate the connection and decrypt requests from clients before sending them to the targets.


Introduction

AWS Certificate Manager (ACM) handles the complexity of creating and managing SSL certificates for your web applications. In this lab, we will create and manage an SSL certificate using ACM.

Log in to the AWS Management Console using the credentials provided on the lab instructions page. Make sure you are in the us-east-1 region.

Create an ALIAS Record in Route 53

  1. Navigate to the Route 53 service in the AWS Management Console.
  2. Under DNS management, click Hosted zones.
  3. Click the listed domain name to open it.
  4. Click the Create Record Set button at the top of the page.
  5. In the Create Record Set menu, configure the following settings:
    • Name: (Leave blank)
    • Type: A — IPv4 Address
    • Alias: Yes
    • Alias Target: load-balancer-75942871.us-east-1.elb.amazonaws.com
  6. Click Create.

Create a Public Certificate in ACM

  1. Navigate to the Certificate Manager service in the AWS Management Console.
  2. Under Provision certificates, click Get started.
  3. On the Request a certificate page, select the Request a public certificate option.
  4. Click Request a certificate.
  5. On the Add domain names page, under Domain name, enter the domain name of your lab environment.
  6. Click Next.
  7. On the Request a certificate page, select the DNS validation option.
  8. Click Review.
  9. On the Review page, click Confirm and request.
  10. On the Validation page, click Create record in Route 53.
  11. In the Create record in Route 53 menu, click Create.
  12. Click Continue.

Create an HTTPS Listener on the Load Balancer

  1. Navigate to the EC2 service in the AWS Management Console.
  2. Click Load Balancers in the left sidebar.
  3. Copy the public DNS name of the load balancer to your clipboard.
  4. Open a new tab in your browser, and paste the DNS name into the address bar.
  5. Go back to the EC2 Management Console tab of your browser, and click the Listeners tab at the bottom of the page.
  6. Click Add listener.
  7. On the Add listener page, configure the following settings:
    • Protocol : port: HTTPS : 443
    • Default action(s): Forward to...
    • Forward to...: TG1
    • Security policy: ELBSecurityPolicy-2016-08
    • Default SSL certificate: (Select the public certificate from the dropdown)
  8. Click Save.
  9. Open a new browser tab, and browse to the lab domain over HTTPS. You should see a secure connection (denoted with a lock icon) in the address bar.
  10. Click the lock icon in the address bar, and click Show Certificate. You should see the certificate that ACM issued from Amazon.
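
To check the end state of this lab without a browser, the following added example (not part of the original lab) audits the JSON returned by the AWS CLI commands aws acm describe-certificate and aws elbv2 describe-listeners. The ARN, account number, example.com domain and the HTTP:80 forwarding listener in the sample data are constructed assumptions, and the check goes slightly beyond the lab by flagging cleartext HTTP listeners and security policies that still negotiate TLS 1.0 or 1.1.

```python
import json

# Lowest protocol each predefined ELB policy still negotiates (lab uses the first).
WEAK_POLICIES = {
    "ELBSecurityPolicy-2016-08": "TLS 1.0",
    "ELBSecurityPolicy-TLS-1-0-2015-04": "TLS 1.0",
    "ELBSecurityPolicy-TLS-1-1-2017-01": "TLS 1.1",
}

def audit(cert_json, listeners_json):
    """Return findings for one ACM certificate and one load balancer's listeners."""
    cert = json.loads(cert_json)["Certificate"]
    listeners = json.loads(listeners_json)["Listeners"]
    findings = []
    if cert["Status"] != "ISSUED":
        findings.append(f"certificate status is {cert['Status']}, not ISSUED")
    for opt in cert.get("DomainValidationOptions", []):
        if opt.get("ValidationMethod") != "DNS":
            findings.append(f"{opt['DomainName']}: not DNS-validated")
        elif opt.get("ValidationStatus") != "SUCCESS":
            findings.append(f"{opt['DomainName']}: validation {opt.get('ValidationStatus')}")
    https = [l for l in listeners if l["Protocol"] == "HTTPS"]
    if not any(l["Port"] == 443 for l in https):
        findings.append("no HTTPS listener on port 443")
    for l in https:
        arns = {c["CertificateArn"] for c in l.get("Certificates", [])}
        if cert["CertificateArn"] not in arns:
            findings.append(f"HTTPS:{l['Port']} does not present the ACM certificate")
        if l.get("SslPolicy") in WEAK_POLICIES:
            findings.append(f"HTTPS:{l['Port']} {l['SslPolicy']} allows {WEAK_POLICIES[l['SslPolicy']]}")
    for l in listeners:
        actions = {a["Type"] for a in l.get("DefaultActions", [])}
        if l["Protocol"] == "HTTP" and "redirect" not in actions:
            findings.append(f"HTTP:{l['Port']} serves cleartext without redirecting")
    return findings

# Constructed sample data shaped like the two CLI responses after the lab.
ARN = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"
SAMPLE_CERT = json.dumps({"Certificate": {
    "CertificateArn": ARN, "DomainName": "example.com", "Status": "ISSUED",
    "DomainValidationOptions": [{"DomainName": "example.com",
        "ValidationMethod": "DNS", "ValidationStatus": "SUCCESS"}]}})
SAMPLE_LISTENERS = json.dumps({"Listeners": [
    {"Protocol": "HTTP", "Port": 80, "DefaultActions": [{"Type": "forward"}]},
    {"Protocol": "HTTPS", "Port": 443, "SslPolicy": "ELBSecurityPolicy-2016-08",
     "Certificates": [{"CertificateArn": ARN}], "DefaultActions": [{"Type": "forward"}]}]})

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CERT, SAMPLE_LISTENERS)))
```

On the constructed sample this reports two findings: the ELBSecurityPolicy-2016-08 policy selected in the lab still accepts TLS 1.0, and the HTTP listener forwards cleartext instead of redirecting to HTTPS.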

Conclusion

Congratulations, you've successfully completed this lab!