• 3rd, Apr 2011

Amazon EC2 Multiple SSL Certificates

1) Install Java-Ibm

2) Install ElasticLoadBalancing-1.0

3) Generate Security Credentials
Amazon > Account > Security Credentials
X.509 Credentials
Create
“Download Private Key File” and rename it to PrivateKey.pem
“Download X.509 certificate” and rename it to ServerCertificate.pem

Upload both files to /mnt

4) Download ElasticLoadBalancing-1.0.10.0.zip or the latest version and install it under /root/bin/elb

5) Set the shell environment variables

export AWS_ELB_HOME=/root/bin/elb
export JAVA_HOME=/usr/lib/jvm/java-1_6_0-ibm-1.6.0/jre
export PATH=$PATH:/root/bin/elb/bin
export EC2_PRIVATE_KEY=/mnt/PrivateKey.pem
export EC2_CERT=/mnt/ServerCertificate.pem

6) Configure the ELB
# elb-create-lb onlinecommunityspecialists --headers --listener "lb-port=443,instance-port=8443,protocol=TCP" --listener "lb-port=80,instance-port=80,protocol=http" --region eu-west-1 --availability-zones eu-west-1a
DNS_NAME DNS_NAME
DNS_NAME onlinecommunityspecialists-1752118929.eu-west-1.elb.amazonaws.com

# elb-create-lb neverforget --headers --listener "lb-port=443,instance-port=8444,protocol=TCP" --listener "lb-port=80,instance-port=80,protocol=http" --region eu-west-1 --availability-zones eu-west-1a
DNS_NAME DNS_NAME
DNS_NAME neverforget-1687287348.eu-west-1.elb.amazonaws.com

# elb-register-instances-with-lb onlinecommunityspecialists --region eu-west-1 --instances i-9d84dcea

# elb-register-instances-with-lb neverforget --region eu-west-1 --instances i-9d84dcea

7) Configure Apache to listen on those ports, each with a different SSL certificate

# vi /etc/apache2/listen.conf
Listen 80
Listen 8443
Listen 8444
NameVirtualHost *:80
NameVirtualHost *:8443
NameVirtualHost *:8444

# vi /etc/apache2/vhosts.d/vhost.conf
<VirtualHost *:80>
    ServerAdmin root@linux.com
    DocumentRoot /srv/www/htdocs/online
    ServerName www.onlinecommunityspecialists.co.uk
    ServerAlias www.onlinecommunityspecialists.co.uk
    HostnameLookups Off
    ServerSignature On
    <Directory "/srv/www/htdocs/online">
        Options -Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin root@linux.com
    DocumentRoot /srv/www/htdocs/neverforget
    ServerName www.neverforgetagain.co.uk
    ServerAlias www.neverforgetagain.co.uk
    HostnameLookups Off
    ServerSignature On
    <Directory "/srv/www/htdocs/neverforget">
        Options -Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
<IfDefine SSL>
<IfDefine !NOSSL>

<VirtualHost *:8444>
    ServerAdmin ipascual@unexpectedit.com
    DocumentRoot /srv/www/htdocs/neverforget
    ServerName www.neverforgetagain.co.uk
    ServerAlias www.neverforgetagain.co.uk

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl.crt/www_neverforgetagain_co_uk.crt
    SSLCertificateKeyFile /etc/apache2/ssl.crt/neverforgetagain.key
    SSLCertificateChainFile /etc/apache2/ssl.crt/www_neverforgetagain_co_uk.ca-bundle
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

    <Directory "/srv/www/htdocs/neverforget">
        Options -Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
<VirtualHost *:8443>
    ServerAdmin ipascual@unexpectedit.com
    DocumentRoot /srv/www/htdocs/online
    ServerName www.onlinecommunityspecialists.co.uk
    ServerAlias www.onlinecommunityspecialists.co.uk

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl.crt/www_onlinecommunityspecialists_co_uk.crt
    SSLCertificateKeyFile /etc/apache2/ssl.crt/onlinecomunityspecialists.key
    SSLCertificateChainFile /etc/apache2/ssl.crt/www_onlinecommunityspecialists_co_uk.ca-bundle
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

    <Directory "/srv/www/htdocs/online">
        Options -Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
</IfDefine>
</IfDefine>
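
The SSLCipherSuite line used in both SSL virtual hosts above starts from ALL, which leaves export-grade, LOW and RC4 suites on offer. The fragment below is an added example, not part of the original configuration: it shows the page's line commented out beside a stricter replacement, and the protocol and cipher choices in it are assumptions to adapt to the installed Apache and OpenSSL versions.

```apache
# Added example: TLS settings for the two SSL virtual hosts (*:8443 and *:8444).
# Place inside each <VirtualHost>, or once at server level so both inherit them.

# As on this page (weak):
#   ALL        enables every suite except eNULL, including LOW, EXP and RC4
#   !EXPORT56  removes only the 56-bit export suites; 40-bit export suites remain
#   +LOW, +SSLv2, +EXP, +eNULL  only move matching suites to the end of the
#              preference list; they stay enabled (and +eNULL adds nothing)
# SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

# Stricter replacement (assumed values, adjust to what your clients need):
# refuse the SSLv2 and SSLv3 protocols outright
SSLProtocol all -SSLv2 -SSLv3
# choose the suite by the server's preference order, not the client's
SSLHonorCipherOrder on
# start from HIGH and permanently exclude anonymous, null, export, weak-key,
# MD5, RC4 and 3DES suites
SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4:!3DES
```

Because the 443 listeners use protocol=TCP, the handshake is passed through to Apache, so after a reload `openssl s_client -connect <elb-dns-name>:443` reports the protocol and cipher that Apache itself negotiated.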

8) Add CNAME records to your domains
Domain: onlinecommunityspecialists.co.uk
www >>> onlinecommunityspecialists-1752118929.eu-west-1.elb.amazonaws.com.
Domain: neverforgetagain.co.uk
www >>> neverforget-1687287348.eu-west-1.elb.amazonaws.com

9) Do not forget to open the related ports on your Amazon firewall
