How to Get a Free SSL Certificate for AWS Hosted Websites?

This article addresses the following questions: What is meant by SSL? What are TLS certificates? What are the benefits and uses of SSL/TLS? What is the difference between an SSL certificate and a TLS certificate? How do you identify whether a website/portal has an SSL/TLS certificate? How do you get a free SSL certificate for AWS-hosted websites? How do you request an SSL public certificate using AWS Certificate Manager? How do you add the DNS records to your domain? How do you install your own certificate on the server? Let’s get into the topic to answer these questions.

Amazon Web Services (AWS) provides a free SSL certificate for websites that are hosted with it and have a load balancer purchased. The AWS Certificate Manager (ACM) service lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources. Using AWS Certificate Manager, you can quickly request a certificate, deploy it on ACM-integrated AWS resources, such as Elastic Load Balancers, Amazon CloudFront distributions, and APIs on API Gateway, and let AWS Certificate Manager handle certificate renewals. However, accessing and deploying the free SSL/TLS certificates from AWS Certificate Manager is not an easy process. Let us first understand what SSL and TLS certificates are.

What is SSL?

SSL stands for Secure Sockets Layer; it is the standard technology for keeping an Internet connection secure and safeguarding any sensitive data sent between two systems. The two systems can be server to client (for example, a shopping website and a browser) or server to server (for example, an application with personally identifiable information or payroll information). An SSL certificate is a digital certificate or electronic document providing proof of public key ownership. This certificate is an important indication to the user that passwords, contact information, and credit card numbers will remain secure as they are sent from the client’s browser to the website’s web server.

What is TLS?

TLS stands for Transport Layer Security, which is just an updated and more secure version of SSL. TLS is a cryptographic protocol that establishes an encrypted session between applications over the Internet. TLS certificates usually contain the following information:

  • The subject domain name
  • The subject organization
  • The name of the issuing CA
  • Additional or alternative subject domain names, including subdomains, if any
  • Issue date
  • Expiry date
  • The public key (the private key, however, is kept secret)
  • The digital signature of the CA

How Does TLS Work?

TLS uses a combination of symmetric and asymmetric cryptography, as this provides a good compromise between performance and security when transmitting data securely. A TLS certificate is the successor of the SSL certificate.

However, the terms are often used interchangeably, given that the term SSL has become synonymous with website encryption and security.

Learn more about Certificate management, SSL, and TLS certificate management in the blog article below:

Certificate Management

How to Get a Free SSL Certificate for AWS Hosted Sites?

AWS offers a free public certificate for your hosted website if you use AWS Certificate Manager and other Amazon services. You need a custom domain on an AWS account. AWS Certificate Manager can be used to obtain Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates. Note that only a single certificate can be added to an EB-deployed Django app, so add all of the necessary domains to that one certificate. AWS does not allow changes to a verified certificate, so create a new certificate if you need a new domain added.

Steps to Install a Free SSL Certificate on an AWS-Hosted Site

You need to have an app or website hosted on AWS to get the free SSL certificate from Amazon. The website/app must have a dedicated port over which you have complete control. The platform the app/website was developed on is irrelevant.

Step 1: Set up an Amazon EC2 Instance

  • Log in to the Amazon console and, under the “Services” tab, choose the “EC2” option. After that, click on the “Launch Instance” button. This will create an instance.
  • The next step is to choose an Amazon Machine Image (AMI) for selecting the operating system for the instance to use.
  • Then, choose the RAM requirement, processing power, size, and type for your server instance. Another option is to select the default settings.
  • Next, click on the “Launch” button, where you will be given the option to select a new key. Make a new one (or use an old one if you still have access to the .pem file and want to use it) and give it a name. Download it and keep it somewhere on your computer that is easy to access (I usually keep it in ~/).
  • In your terminal, use “cd” to change to the directory that contains the .pem file, and hit the connect button. Now, you can clone the code from your source location or GitHub, install any dependencies, and start the server.

Step 2: Setting up Your AWS Elastic IP Address

The next step is to get an IP address for the instance created in AWS to make the website/app available to the public. Elastic IPs are required to achieve this in AWS. The option to create an Elastic IP is listed on the left side panel. Find it and open up the page. Click on Allocate new address, and then when the EC2 instance you just made shows up in the list, CTRL click on it and select Associate Address. Then select the instance you just created and click Associate.
Edit the security group and add “Port_Num” with type “http” to allow port access. You can visit your site with the format “<Elastic IP Address>:<Port_Num>”.
Now, you have successfully deployed your website / App in AWS. To enhance security, you need to deploy the SSL certificate to your website.

Step 3: How to Set Up a Free SSL Certificate in an AWS Hosted Site

AWS Certificate Manager helps in creating and using free public certificates for your website/app hosted on Amazon. The only prerequisite is to have a domain created in AWS, which you have already done. One of the services provided by AWS is a Certificate Manager for SSL/TLS certificates. Now, let us look into the steps involved in setting up an SSL certificate for enhanced security of your website/app hosted on AWS.

  • Search for “AWS certificate manager” once you log in to the AWS home page.
  • You can find the option under the “Security, Identity & Compliance” section of “All services”. Click on the certificate manager.
  • To install a free public certificate, click on the “Get started” button under “Provision certificates” on the AWS Certificate Manager home page.
  • A public certificate is required as it is trusted by browsers and operating systems.
  • Click on “Request a certificate” to continue.
  • Now, the next important step is to add your domain names to the certificate. Please keep in mind that you need to add both formats of domain names as specified: add “www.domain_name.com” and “domain_name.com”
  • You can add up to 10 domain names, including subdomains, in one AWS certificate. Click “Next” after adding all the relevant domain names.
  • The next step is to select the validation method. You can choose to validate either by adding a DNS record to the DNS configuration on the web hosting site or via email. If you are relatively familiar with DNS records and web hosting and have access to modify the website’s records, choose “DNS validation”. If you do not have access to modify records via a web hosting site, choose “Email validation”. Click “Next” when you are ready to continue.
  • The next step is optional. You can choose to assign metadata to your certificates to help manage them. Click “Review” to continue to the next step.
  • It’s time to review the options selected for the certificate. You have to double-check that the domain name is spelled correctly and that the other details are correct. You cannot change your certificate once it is created, so be sure to correct any errors now. When you are ready, click “Confirm and request”.
  • The final step is validation. Once the DNS records are generated, you will see your domains with the validation status of “Pending validation”.
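
The same request can be scripted instead of clicked through. This added example (not from the original article) builds the ACM request for the apex and “www” names with DNS validation and lists the CNAME records that still have to be published. The helper names and the stub client are assumptions made for illustration; with boto3 installed and credentials configured, the real client is `boto3.client("acm")`.

```python
# Added example, not from the original article. `acm` is any object exposing
# the boto3 ACM client methods, for instance boto3.client("acm").
MAX_NAMES = 10  # per-certificate domain-name limit stated in the steps above


def build_request(apex, extra_names=()):
    """Arguments for request_certificate(): apex + www + extras, DNS validation."""
    apex = apex.strip().lower().rstrip(".")
    names = []
    for name in (apex, "www." + apex, *extra_names):
        name = name.strip().lower().rstrip(".")
        if name and name not in names:
            names.append(name)
    if not apex or len(names) > MAX_NAMES:
        raise ValueError(f"need 1 apex domain and at most {MAX_NAMES} names")
    return {"DomainName": names[0], "ValidationMethod": "DNS",
            "SubjectAlternativeNames": names[1:]}


def pending_dns_records(acm, cert_arn):
    """Return (records, waiting): CNAMEs to publish; domains lacking one so far."""
    cert = acm.describe_certificate(CertificateArn=cert_arn)["Certificate"]
    records, waiting = [], []
    for opt in cert.get("DomainValidationOptions", []):
        if opt.get("ValidationStatus") == "SUCCESS":
            continue  # already validated, nothing to publish
        rr = opt.get("ResourceRecord")
        if rr is None:  # ACM has not generated the record yet; call again later
            waiting.append(opt["DomainName"])
        elif (rr["Name"], rr["Type"], rr["Value"]) not in records:
            records.append((rr["Name"], rr["Type"], rr["Value"]))
    return records, waiting


def request_and_list(acm, apex, extra_names=()):
    """Request the certificate, then report what DNS validation still needs."""
    arn = acm.request_certificate(**build_request(apex, extra_names))["CertificateArn"]
    return (arn, *pending_dns_records(acm, arn))


class StubACM:  # constructed stand-in for the ACM client so this runs offline
    def request_certificate(self, **kwargs):
        return {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"}

    def describe_certificate(self, CertificateArn):
        return {"Certificate": {"DomainValidationOptions": [
            {"DomainName": "example.com", "ValidationStatus": "PENDING_VALIDATION",
             "ResourceRecord": {"Name": "_x1.example.com.", "Type": "CNAME",
                                "Value": "_y1.acm-validations.aws."}},
            {"DomainName": "www.example.com", "ValidationStatus": "PENDING_VALIDATION"}]}}
```

Calling `request_and_list(StubACM(), "example.com")` returns the constructed ARN, one CNAME to publish, and “www.example.com” as still waiting for its record; the certificate stays in “Pending validation” until every listed CNAME resolves.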

What are the Benefits of Using the Free SSL Certificate in an AWS-hosted site?

With the evolution of the internet and technologies such as cloud hosting, doing business has become easier. Along with these benefits come several threats to businesses. Using an SSL certificate will create a sense of trust in your customers. There are multiple benefits in leveraging the free SSL certificate provided by AWS. Some of them are discussed below:

  • Security of your website/application

    HTTPS shows that your website has installed an SSL certificate. It helps you prevent security breaches and provides secondary authentication in the form of Public Key Infrastructure (PKI). It helps ensure that information is sent only to the intended server.

  • Authentication

    SSL ensures that the right website is accessed while uploading files and documents. It also validates the target server while these files are uploaded.

  • Customer Trust

    Customers who visit your website will have greater trust in it when they are uploading sensitive information.

  • Encryption

    Sensitive data can be encrypted while it is exchanged between one device and another.

  • Prevention from data breach attacks

    An SSL certificate on your website can prevent attacks such as phishing, man-in-the-middle attacks, etc. These attacks are increasing day by day on the internet, and securing your website from them is a mandatory requirement. Attacks such as phishing involve cloning a webpage, and a clone is unlikely to be able to present the original site’s SSL certificate. Hence, this scenario is also avoided.

  • Regulatory compliance through SSL

    To comply with the Payment Card Industry (PCI) compliance norms, an online business must have at least a 128-bit SSL certificate with proper encryption. The PCI standards also make it mandatory to acquire the SSL certificate from a trusted source. As per their guidelines, a website must use the right strength of encryption for it to be able to take card payments. These guidelines also make it compulsory for the website to provide a private connection on any page that requires customers to enter personal information or sensitive information.

The free SSL certificate is a good opportunity provided by AWS. Besides using the free certificate, you can also obtain your own SSL certificate. There are several types of SSL certificates available.


Encryption Consulting’s AWS Consulting/ Managed PKI / CodeSign Secure

Encryption Consulting LLC (EC) will completely offload the Public Key Infrastructure environment, which means EC will take care of building the PKI infrastructure to lead and manage the PKI environment (on-premises, PKI in the cloud, cloud-based hybrid PKI infrastructure) of your organization. Along with PKI, Encryption Consulting assists you with the AWS consulting process for websites to be deployed on AWS. EC can also provide certificate management assessment and implementation as per your requirements.

Encryption Consulting will deploy and support your PKI using a fully developed and tested set of procedures and audited processes. Admin rights to your Active Directory will not be required, and control over your PKI and its associated business processes will always remain with you. Furthermore, for security reasons, the CA keys will be held in FIPS 140-2 Level 3 HSMs hosted either in your secure data center or in our Encryption Consulting data center in Dallas, Texas.

Conclusion

Encryption Consulting’s AWS consulting, Certificate management, PKI-as-a-Service, or managed PKI, allows you to get all the benefits of a well-run PKI without the operational complexity and cost of operating the software and hardware required to run the show. Your teams still maintain the control they need over day-to-day operations while offloading back-end tasks to a trusted team of experts.