This article answers the following questions: What is meant by SSL? What are TLS certificates? What are the benefits and uses of SSL/TLS? What is the difference between an SSL certificate and a TLS certificate? How do you identify whether a website or portal has an SSL/TLS certificate? How do you get a free SSL certificate for AWS hosted websites? How do you request a public SSL certificate using AWS Certificate Manager? How do you add the DNS records to your domain? How do you install your own certificate on the server? Let's get into the topic:
Amazon Web Services (AWS) provides free SSL certificates for websites that are hosted with AWS and have a load balancer purchased. The AWS Certificate Manager (ACM) service lets you provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources. Using AWS Certificate Manager, you can request a certificate, deploy it on ACM-integrated AWS resources such as Elastic Load Balancers, Amazon CloudFront distributions, and APIs on API Gateway, and let AWS Certificate Manager perform certificate renewals. However, it is not an easy process to access and deploy the free SSL/TLS certificates from AWS Certificate Manager. Let us first understand what SSL and TLS certificates are.
What is SSL?
SSL stands for Secure Sockets Layer; it is the standard technology for keeping an Internet connection secure and safeguarding any sensitive data sent between two systems. The two systems can be server to client (for example, a shopping website and browser) or server to server (for example, an application with personally identifiable information or payroll information). An SSL certificate is a digital certificate, or electronic document, providing proof of public key ownership. This certificate is an important indication to the user that passwords, contact information, and credit card numbers will remain secure as they are sent from the client's browser to the website's web server.
What is TLS?
TLS stands for Transport Layer Security, which is just an updated, and more secure, version of SSL. TLS is a cryptographic protocol that establishes an encrypted session between applications over the Internet. TLS certificates usually contain the following information:
- The subject domain name
- The subject organization
- The name of the issuing CA
- Additional or alternative subject domain names, including subdomains, if any
- Issue date
- Expiry date
- The public key (The private key, however, is kept a secret.)
- The digital signature of the CA
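The fields listed above can be read from the dict that Python's `ssl.SSLSocket.getpeercert()` returns after a verified handshake. This is an added example, not code from the original article; `SAMPLE_CERT` is a constructed certificate dict and `summarize` and `covers` are hypothetical helper names. The dict form does not expose the public key or the CA signature, which are checked during the handshake itself.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert();
# every value here is made up for illustration.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Org"),), (("commonName", "example.com"),)),
    "issuer": ((("organizationName", "Example CA Ltd"),), (("commonName", "Example CA R1"),)),
    "notBefore": "Jan 15 00:00:00 2025 GMT",
    "notAfter": "Mar 31 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}

def _attr(rdns, key):
    # subject/issuer are tuples of RDNs, each RDN a tuple of (key, value) pairs
    return next((v for rdn in rdns for k, v in rdn if k == key), None)

def summarize(cert, now=None):
    """Map a getpeercert() dict onto the certificate fields listed above."""
    now = now or datetime.now(timezone.utc)
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return {
        "subject_domain": _attr(cert["subject"], "commonName"),
        "subject_org": _attr(cert["subject"], "organizationName"),
        "issuing_ca": _attr(cert["issuer"], "commonName"),
        "alt_names": [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"],
        "issued": cert["notBefore"],
        "expires": cert["notAfter"],
        "days_left": (expiry - now).days,  # negative once the certificate has expired
    }

def covers(cert, host):
    """True if host matches a DNS alternative name; '*' spans exactly one label."""
    host = host.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

if __name__ == "__main__":
    print(summarize(SAMPLE_CERT))
    print({h: covers(SAMPLE_CERT, h) for h in ("example.com", "www.example.com", "a.b.example.com")})
```
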
How does TLS work?
TLS uses a combination of symmetric and asymmetric cryptography, as this provides a good compromise between performance and security when transmitting data securely. A TLS certificate is the successor of the SSL certificate.
However, the two terms are often used interchangeably, since the term SSL has become synonymous with website encryption and security.
How to get a free SSL certificate for AWS hosted sites?
Amazon Web Services offers a free public certificate for your hosted website if you use AWS Certificate Manager and other Amazon services. You require a custom domain on your AWS account. AWS Certificate Manager can be used to obtain Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates. Note that only a single certificate can be added to an EB-deployed Django app, so add all of the necessary domains to that one certificate. AWS does not allow changes to a verified certificate, so create a new certificate if you need a new domain added.
Steps to install a free SSL certificate on an AWS hosted site
You need to have an app or website hosted on Amazon Web Services to get the free SSL certificate from Amazon. The website or app has to have a dedicated port, and you need complete control over it. The platform the app or website was developed on is irrelevant.
- Log into the Amazon console and, under the “Services” tab, choose the “EC2” option. Then click on the “Launch Instance” button. This will create an instance.
- The next step is to choose an Amazon Machine Image (AMI), which selects the operating system for the instance to use.
- Then, choose the RAM requirement, processing power, size and type for your server instance. Another option is to select the default settings.
- Next, click on the “Launch” button, where you will be given the option to select a new key. Make a new one (or use an old one if you still have access to the .pem file and want to use it) and give it a name. Download it and keep it somewhere on your computer that is easy to access (I usually keep it in ~/).
- Change directory using “cd” in your terminal to the location of the .pem file and hit the connect button. Now you can clone the code from your source location or GitHub, install any dependencies and start the server.
Step 2: Setting up your AWS Elastic IP address
The next step is to get an IP address for the instance created in AWS so that the website / app is available to the public. Elastic IPs are required to achieve this in AWS. The option to create an Elastic IP is listed on the left side panel. Find it and open up the page. Click on Allocate new address and then, when the EC2 instance you just made shows up in the list, CTRL click on it and select Associate Address. Then select the instance you just created and click Associate.
Edit the security group and add “Port_Num” with type “http” to allow access to the port. You can visit your site using the format “<Elastic IP Address>:<Port_Num>”.
Now you have successfully deployed your website / app in AWS. To enhance security, you need to deploy the SSL certificate to your website.
Step 3: How to setup free SSL certificate in AWS hosted site
AWS Certificate Manager helps in creating and using free public certificates for your website / app hosted on Amazon. The only prerequisite is to have a domain created in AWS, which you have already done. One of the services provided by AWS is a Certificate Manager for Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates. Now, let us look into the steps involved in setting up an SSL certificate for enhanced security of your website / app hosted on AWS.
- Search for “AWS certificate manager” once you log in to the AWS home page.
- You can find the option under “Security, Identity & Compliance” section of “All services”. Click open the certificate manager.
- To install a free public certificate, click on the “Get started” button under “Provision certificates” on the AWS Certificate Manager home page.
- A public certificate is required, as it is trusted by browsers and operating systems.
- Click on “Request a certificate” to continue.
- The next important step is to add your domain names to the certificate. Keep in mind that you need to add both formats of the domain name: add “www.domain_name.com” and “domain_name.com”.
- You can add up to 10 domain names, including subdomains, in one AWS certificate. Click “Next” after adding all the relevant domain names.
- The next step is to select the validation method. You can choose to validate either by adding a DNS record to the DNS configuration on the web hosting site or via email. If you are relatively familiar with DNS records and web hosting, and have access to modify the website’s records, choose “DNS validation”. If you do not have access to modify records via a web hosting site, choose “Email validation”. Click “Next” when you are ready to continue.
- The next step is optional. You can choose to assign metadata to your certificates to help manage them. Click “Review” to continue to the next step.
- It’s time to review the options selected for the certificate. Double-check that the domain name is spelled correctly, along with the other details. You cannot change your certificate once it is created, so be sure to correct any errors now. When you are ready, click “Confirm and request”.
- The final step is validation. Once the DNS records are generated, you will see your domains with the validation status of “Pending validation”.
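The request and validation steps above can also be scripted. The following is an added example, not code from the original article: `build_request` and `pending_dns_records` are hypothetical helpers, the 10-name cap is the limit stated above, and `SAMPLE_RESPONSE` is a constructed response in the shape returned by ACM's DescribeCertificate call.

```python
import re

MAX_NAMES = 10  # per-certificate name limit as stated in the article
_HOST = re.compile(r"(?=.{1,253}$)(\*\.)?([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def build_request(apex, subdomains=("www",)):
    """Build kwargs for boto3's acm.request_certificate covering apex + subdomains."""
    apex = apex.strip().lower().rstrip(".")
    names = list(dict.fromkeys([apex] + [f"{s.lower()}.{apex}" for s in subdomains]))
    bad = [n for n in names if not _HOST.fullmatch(n)]
    if bad:
        raise ValueError(f"not a valid host name: {bad}")
    if len(names) > MAX_NAMES:
        # A verified certificate cannot be edited, so fail before requesting it.
        raise ValueError(f"{len(names)} names exceed the limit of {MAX_NAMES}")
    request = {"DomainName": apex, "ValidationMethod": "DNS"}
    if names[1:]:
        request["SubjectAlternativeNames"] = names[1:]
    return request

def pending_dns_records(response):
    """List the CNAME records still to be created, from a describe_certificate response."""
    records = []
    for opt in response["Certificate"].get("DomainValidationOptions", []):
        rr = opt.get("ResourceRecord")  # absent until ACM has generated the record
        if rr and opt.get("ValidationStatus") == "PENDING_VALIDATION":
            records.append({"domain": opt["DomainName"], "type": rr["Type"],
                            "name": rr["Name"], "value": rr["Value"]})
    return records

# Constructed sample response; record names and values are placeholders.
SAMPLE_RESPONSE = {"Certificate": {"DomainValidationOptions": [
    {"DomainName": "example.com", "ValidationStatus": "SUCCESS",
     "ResourceRecord": {"Name": "_placeholder1.example.com.", "Type": "CNAME",
                        "Value": "_placeholder2.acm-validations.aws."}},
    {"DomainName": "www.example.com", "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_placeholder3.www.example.com.", "Type": "CNAME",
                        "Value": "_placeholder4.acm-validations.aws."}},
]}}

if __name__ == "__main__":
    # With credentials configured, the same kwargs would be sent as:
    #   boto3.client("acm").request_certificate(**build_request("example.com"))
    print(build_request("example.com"))
    for rec in pending_dns_records(SAMPLE_RESPONSE):
        print(rec["name"], rec["type"], rec["value"])
```
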
What are the benefits of using the free SSL certificate on an AWS hosted site?
With the evolution of the internet and technologies such as cloud hosting, the ease of doing business has been enhanced. Along with the benefits, there are several threats posed to businesses. Using an SSL certificate will create a sense of trust in your customers. There are multiple benefits in leveraging the free SSL certificate provided by Amazon Web Services. Some of them are discussed below:
- Security of your website / application: HTTPS shows that your website has an SSL certificate installed. It helps you prevent security breaches and get secondary authentication in the form of Public Key Infrastructure (PKI). It helps to send information only to the intended server.
- Authentication: SSL ensures that the right website is accessed while uploading files and documents. It also validates the target servers while these files are uploaded.
- Customer Trust: Customers who visit your website will have enhanced trust if they are accessing the website to upload sensitive information.
- Encryption: Sensitive data can be encrypted while it is exchanged between one device and another.
- Prevention of data breach attacks: An SSL certificate on your website can prevent attacks such as phishing, man-in-the-middle attacks, etc. These attacks are increasing day by day on the internet, and securing your website from them is a mandatory requirement. Attacks such as phishing involve cloning a webpage, and it is not likely that a webpage with an SSL certificate can be replicated. Hence, this scenario is also avoided.
- Regulatory compliance through SSL: To comply with the Payment Card Industry (PCI) compliance norms, an online business must have at least a 128-bit SSL certificate with proper encryption. The PCI standards also make it mandatory to acquire the SSL certificate from a trusted source. As per their guidelines, a website must use the right strength of encryption for it to be able to take card payments. These guidelines also make it compulsory for the website to provide a private connection on any page that requires customers to enter personal or sensitive information.
The free SSL certificate is a good opportunity provided by Amazon Web Services (AWS). Along with leveraging the free SSL certificate provided, you also have the facility to get your own SSL certificate. There are several types of SSL certificates available. Please go through the below detailed blog article on SSL / TLS certificates for better understanding:
Encryption Consulting's AWS Consulting/ Managed PKI / CodeSign Secure
Encryption Consulting LLC (EC) will completely offload the Public Key Infrastructure environment, which means EC will take care of building the PKI infrastructure to lead and manage the PKI environment (on-premises, PKI in the cloud, cloud-based hybrid PKI infrastructure) of your organization. Along with PKI, Encryption Consulting also assists you with the AWS consulting process for websites to be deployed on AWS. EC also provides certificate management assessment and implementation as per your requirements.
Encryption Consulting will deploy and support your PKI using a fully developed and tested set of procedures and audited processes. Admin rights to your Active Directory will not be required, and control over your PKI and its associated business processes will always remain with you. Furthermore, for security reasons the CA keys will be held in FIPS 140-2 Level 3 HSMs hosted either in your secure datacentre or in our Encryption Consulting datacentre in Dallas, Texas.
Encryption Consulting’s AWS consulting, Certificate management, PKI-as-a-Service, or managed PKI, allows you to get all the benefits of a well-run PKI without the operational complexity and cost of operating the software and hardware required to run the show. Your teams still maintain the control they need over day-to-day operations while offloading back-end tasks to a trusted team of experts.