Saturday, July 22, 2017

AWS Tutorial: How to quickly set up an SSL certificate for use with Amazon Web Services ELB


View Java keystore information with "keytool list"
keytool -list -v -keystore privateKey.store

The keytool executable ships in the JDK's bin directory. Add $JAVA_HOME/bin to $PATH to use the command. Check the CN (CommonName)

Article about certificate extensions and encodings: http://info.ssl.com/article.aspx?id=12149

PKCS7 Decoder

Installing a SSL certificate on Amazon Web Services (AWS)

Use AWS Certificate Manager to upload the SSL certificate (Import).
Certificate body: Provide the public certificate (PEM) supplied by the SSL team, after converting the .cer file to PEM.
Certificate private key: Provide the private key (PEM) you used to generate the CSR file.
Certificate chain: Provide the intermediate and root certificates (PEM).

In order to verify the health of the file and port in https://

In order to verify the health of the file and port in http://

You also need to create a keystore file by combining the keys and drop it into Tomcat for port 8443.

Wednesday, July 19, 2017

Step by step instructions on self-signed certificate and configure Tomcat over SSL

Note: If you create the self-signed certificate with openssl, then create the keystore file with openssl as well.

1.1 Create a pair of PKI keys

openssl genrsa -out public-dns-name-private.pem 2048

Create a self-signed X509 certificate:

openssl req -new -x509 -key public-dns-name-private.pem -out public-dns-name-certificate.pem -days 365

Create a PKCS12 keystore and import (or export depending on how you look at it) the host certificate we just created:

openssl pkcs12 -export -out humkeystore.pkcs12 -in public-dns-name-certificate.pem -inkey public-dns-name-private.pem

2.2 Convert the PKCS12 keystore to Java keystore using Java keytool.

keytool -importkeystore -srckeystore humkeystore.pkcs12 -srcstoretype PKCS12 -destkeystore humkeystore -deststoretype JKS

Update Tomcat: in $CATALINA_HOME/conf/server.xml


In the Amazon Alexa Skill: choose "I will upload a self-signed certificate in X.509 format", then open the generated X.509 certificate file (public-dns-name-certificate.pem) and provide its content.
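Before the key and certificate from these steps go into a keystore, or into the ACM import fields described earlier, it helps to confirm that the private key matches the certificate, that the CN is the expected name and that the certificate is not about to expire. The script below is an added example, not part of the original post; the functions pub_hash, check_pair and make_sample and the name alexa.example.com are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for a private key / certificate pair.
# File names follow the page; the CN "alexa.example.com" is a constructed sample.

# Print a SHA-256 fingerprint of the public key inside a key or certificate.
pub_hash() {  # pub_hash key|cert FILE
  ph_pem=
  case $1 in
    key)  ph_pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    cert) ph_pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
  esac
  [ -n "$ph_pem" ] || return 1   # unreadable input must never "match"
  printf '%s\n' "$ph_pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 only if the key belongs to the certificate (else 1), the certificate
# stays valid for MIN_SECONDS more (else 2) and the CN is as expected (else 3).
check_pair() {  # check_pair KEY CERT EXPECTED_CN [MIN_SECONDS]
  cp_kh=$(pub_hash key "$1")  || { echo "cannot read private key" >&2; return 1; }
  cp_ch=$(pub_hash cert "$2") || { echo "cannot read certificate" >&2; return 1; }
  [ "$cp_kh" = "$cp_ch" ] || { echo "private key does not match certificate" >&2; return 1; }
  openssl x509 -in "$2" -noout -checkend "${4:-0}" >/dev/null ||
    { echo "certificate expires within ${4:-0} seconds" >&2; return 2; }
  cp_cn=$(openssl x509 -in "$2" -noout -subject -nameopt multiline |
          sed -n 's/^ *commonName *= *//p')
  [ "$cp_cn" = "$3" ] || { echo "CN is '$cp_cn', expected '$3'" >&2; return 3; }
}

# Build a throwaway pair with the page's commands (-subj avoids the prompts).
make_sample() {  # make_sample DIR CN
  openssl genrsa -out "$1/public-dns-name-private.pem" 2048 2>/dev/null
  openssl req -new -x509 -key "$1/public-dns-name-private.pem" -subj "/CN=$2" \
    -out "$1/public-dns-name-certificate.pem" -days 365 2>/dev/null
}

# Demo on constructed material in a scratch directory.
demo_dir=$(mktemp -d)
make_sample "$demo_dir" "alexa.example.com"
check_pair "$demo_dir/public-dns-name-private.pem" \
           "$demo_dir/public-dns-name-certificate.pem" "alexa.example.com" 2592000 &&
  echo "OK: key matches certificate, CN correct, more than 30 days of validity left"
rm -rf "$demo_dir"
```

To check real files, call check_pair with your own key, certificate and expected host name in place of the generated sample.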


AWS Account Migration - Steps for some of the services to migrate from one AWS Account to other

1) Log in to the AWS account, go to the Billing Dashboard and find the list of services used.

Note: Each service used is listed with a charge, either $0 or $x.

2) Go to the VPC dashboard, understand the (custom) VPC, Elastic IPs, security groups and subnets, and create the same in the other account (the target account you want to migrate to).



Note: Only manual snapshot backups can be shared and restored.


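Note : aws s3 sync s3://sourceBucket s3://DestinationBucket --profile AccountBAdmin
The AWS CLI uses one profile per command, so the profile given here needs read access to the source bucket and write access to the destination bucket.
Please make sure the destination bucket name is different, because bucket names are unique. It is tempting to reuse the same name on the assumption that this is a copy.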



6) ELB: Create the load balancer, target group and other details in the new account, based on the existing account.

7) Lambda, Lex, Elastic Beanstalk: configure the same in the new account and copy the code from the old AWS account.