You can create an SSL/TLS certificate for your application with OpenSSL. OpenSSL is a standard, open source library that supports a wide range of cryptographic functions, including the creation and signing of certificates. For more information about OpenSSL, visit https://www.openssl.org/
- Create an RSA private key to create your certificate signing request (CSR)
openssl genrsa 2048 > privatekey.pem- Create a CSR
openssl req -new -key privatekey.pem -out csr.pem- Sign the certificate
You can submit the signing request to a third party for signing, or sign it yourself for development and testing
openssl x509 -req -days 365 -in csr.pem -signkey privatekey.pem -out public.crt- Upload to IAM
aws iam upload-server-certificate --server-certificate-name keycloak-webdemo-certificate \
--certificate-body file://public.crt --private-key file://privatekey.pem \
--path /cloudfront/keycloak-webdemo/ --region cn-north-1- Retrieving a certificate
aws iam get-server-certificate --server-certificate-name keycloak-webdemo-certificate --region cn-north-1- Listing server certificates
aws iam list-server-certificates --region cn-north-1- Renaming a server certificate or updating its path
aws iam update-server-certificate --server-certificate-name keycloak-webdemo-certificate \
--new-server-certificate-name CloudFrontCertificate \
--new-path /cloudfront/newpath --region cn-north-1- Deleting a certificate
aws iam delete-server-certificate --server-certificate-name keycloak-webdemo-certificateNote: If you upload a server certificate to be used with Amazon CloudFront, you must specify a path using --path. The path must begin with /cloudfront and the path must include a trailing slash, for example, /cloudfront/test/
Upload and import an SSL certificate to AWS Identity and Access Management (IAM)
Troubleshoot issues with using a custom SSL certificate for my CloudFront distribution