George V. Reilly

Creating External SSL Certificates for CloudFront

I needed to create a wildcard SSL certificate and upload it to AWS CloudFront today.

First, generate a 2048-bit private key. This will prompt you for a passphrase:

$ openssl genrsa -des3 -out example.key 2048

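Check which signature algorithm was used (SHA-256 is recommended). This command reads example.csr, which is created by the Certificate Signing Request step further down: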

$ openssl req -in example.csr -noout -text

Transform the private key to PEM format. No cipher option is given, so the resulting example.pem is not passphrase-protected:

$ openssl rsa -outform PEM -in example.key -out example.pem

Generate a Certificate Signing Request. Note the * in the server FQDN:

$ openssl req -new -key example.key -out example.csr

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Washington
Locality Name (eg, city) []:Seattle
Organization Name (eg, company) [Internet Widgits Pty 
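The steps above as a non-interactive script that also checks the result; this is an added example, not part of the original post. The function names, the KEY_PASS variable, example.com, "Example Org" and the passphrase are constructed; -sha256 pins the CSR digest rather than relying on the build's default.

```shell
#!/bin/sh
# Added example; function names, domain, organization and passphrase are constructed.
umask 077   # new key files are readable by the owner only

# make_wildcard_csr DIR DOMAIN PASSPHRASE -> example.key, example.pem, example.csr in DIR
make_wildcard_csr() {
    dir=$1 domain=$2 pass=$3
    # The passphrase is handed to openssl through the environment, not argv.
    KEY_PASS=$pass openssl genrsa -des3 -passout env:KEY_PASS \
        -out "$dir/example.key" 2048 2>/dev/null &&
    # No cipher option here, so example.pem is written unencrypted.
    KEY_PASS=$pass openssl rsa -outform PEM -passin env:KEY_PASS \
        -in "$dir/example.key" -out "$dir/example.pem" 2>/dev/null &&
    # -subj answers the interactive prompts; "*" is the leftmost label of the CN.
    KEY_PASS=$pass openssl req -new -sha256 -key "$dir/example.key" \
        -passin env:KEY_PASS -out "$dir/example.csr" \
        -subj "/C=US/ST=Washington/L=Seattle/O=Example Org/CN=*.$domain"
}

# csr_sig_alg CSR: prints the signature algorithm name of the request
csr_sig_alg() {
    openssl req -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *\([A-Za-z0-9-]*\).*/\1/p' | head -n 1
}

# csr_matches_key CSR KEY: succeeds when both carry the same RSA modulus
csr_matches_key() {
    csr_mod=$(openssl req -in "$1" -noout -modulus) || return 1
    key_mod=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$csr_mod" ] && [ "$csr_mod" = "$key_mod" ]
}

# csr_is_wildcard CSR: succeeds when the subject CN starts with "*."
csr_is_wildcard() {
    openssl req -in "$1" -noout -subject | grep -Eq 'CN ?= ?\*\.'
}

# Stand-alone run in a scratch directory.
work=$(mktemp -d) && make_wildcard_csr "$work" example.com 'constructed-passphrase' &&
    echo "signature: $(csr_sig_alg "$work/example.csr")" &&
    csr_matches_key "$work/example.csr" "$work/example.pem" && echo "CSR matches key"
rm -rf "$work"
```

Running the checks before submitting the CSR catches a request signed with an unexpected digest or built from the wrong key file.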