Note: for domains with subdomains, be sure to buy the wildcard certificate.
Connect to the server via ssh and create a folder named ssl in the user's home directory.
Then create the CSR (certificate signing request).
When prompted, the unit name and the common name should be yourdomain.com, or *.yourdomain.com for subdomains. If asked for a challenge password, leave it blank.
Run the script:
b-ssl
Type the following (replace yourdomain.com with the site's domain; for subdomains put *. before the domain, i.e. *.yourdomain.com):
openssl req -sha256 -new -newkey rsa:2048 -nodes -keyout yourdomain.com.key -out yourdomain.com.csr
To use the private key in ELB it must be an unencrypted RSA private key in PEM format. Convert yourdomain.com.key with:
openssl rsa -in yourdomain.com.key -outform PEM -out yourdomain.com.pem
Now we have these files:
- yourdomain.com.pem: private key for ELB
- yourdomain.com.csr: certificate signing request
Give yourdomain.com.csr to the SSL provider and download the new certificate (in Apache format). Generally you will get 2 files:
- [some string].crt: public key certificate for ELB
- [some string with bundle].crt: certificate chain for ELB
Now we have all the files we need.
Let's set up the ELB. Go to the Amazon console and create a new load balancer, add an HTTPS listener, open port 443 on the load balancer, and add the SSL certificate to the 443 listener:
- Private key -> use the content of yourdomain.com.pem
- Public key certificate -> use the content of [some string].crt
- Certificate Chain -> use the content of [some string with bundle].crt
We need to redirect all HTTP traffic to HTTPS. The ELB terminates TLS, so the request reaching the instance is plain HTTP and req.secure is false; the ELB reports the scheme the client used in the X-Forwarded-Proto header, which is what the check below relies on. Add this middleware to your Express app before your routes:
// redirect to https
app.use(function(req, res, next) {
  // Only enforce in production; locally there is no TLS in front of the app.
  // req.secure covers the case where Express terminates TLS itself, and
  // X-Forwarded-Proto covers the ELB, which forwards to us over plain HTTP.
  if (process.env.NODE_ENV === 'production' && !req.secure && req.get('X-Forwarded-Proto') !== 'https') {
    res.redirect('https://' + req.get('Host') + req.url)
  } else {
    next()
  }
})
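A hardened version of the same middleware, added here as an example and not part of the original guide: it reads the ELB's X-Forwarded-Proto header the same way, but takes the redirect host from configuration (an assumed CANONICAL_HOST setting) instead of the client-supplied Host header, picks 301 or 307 instead of the default 302, and sets HSTS on HTTPS responses. The helpers are plain functions so they can be unit-tested without a running server.

```javascript
'use strict';

// Is this request HTTPS from the client's point of view? Behind an ELB that
// terminates TLS, the hop to the instance is plain HTTP, so req.secure is
// false; the ELB reports the client's scheme in X-Forwarded-Proto instead.
// With chained proxies the header can be a comma-separated list; the first
// entry is the scheme the client used.
function requestIsHttps(req) {
  if (req.secure) return true;
  const proto = (req.get('X-Forwarded-Proto') || '').split(',')[0].trim().toLowerCase();
  return proto === 'https';
}

// Return the absolute HTTPS URL a request should be redirected to, or null
// when it may proceed. opts.enforce: whether to redirect at all (e.g.
// NODE_ENV === 'production'). opts.canonicalHost: assumed config value; when
// set it replaces the client-supplied Host header, which a client can forge
// to make the redirect point at a host of its choosing.
function httpsRedirectTarget(req, opts) {
  if (!opts.enforce || requestIsHttps(req)) return null;
  const host = opts.canonicalHost || req.get('Host');
  const path = req.originalUrl || req.url || '/';
  return 'https://' + host + path;
}

// Express middleware built on the two helpers above.
function httpsRedirect(opts) {
  return function (req, res, next) {
    const target = httpsRedirectTarget(req, opts);
    if (target === null) {
      if (requestIsHttps(req)) {
        // HSTS: browsers go straight to HTTPS for a year, skipping the
        // redirect hop; add includeSubDomains once every subdomain is HTTPS.
        res.setHeader('Strict-Transport-Security', 'max-age=31536000');
      }
      return next();
    }
    // 301 for safe methods; 307 keeps the method and body for POST/PUT/etc.,
    // which a 301/302 would silently turn into a body-less GET.
    const status = (req.method === 'GET' || req.method === 'HEAD') ? 301 : 307;
    res.redirect(status, target);
  };
}

// Usage in the server (CANONICAL_HOST is an assumed environment variable):
// app.use(httpsRedirect({ enforce: process.env.NODE_ENV === 'production',
//                         canonicalHost: process.env.CANONICAL_HOST }));

module.exports = { requestIsHttps, httpsRedirectTarget, httpsRedirect };
```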