How to Import SSL certificate in AWS Certificate Manager and apply on ELB

In this post we will show you how to apply an SSL certificate on an AWS ELB.


To use the certificate on an ELB we first have to import it into AWS Certificate Manager (ACM).

Currently ACM needs three PEM files: Certificate Body, Certificate Private Key and Certificate Chain. You can check ACM SSL certificate pre-requisites here.

If you already have the SSL certificate in .pem format you can go directly to Step 7. If you have the certificate in .pfx or another format, please follow from Step 1.

Step 1 As mentioned earlier, ACM expects the certificates in PEM format. So we will first convert the certificate from pfx to pem format using the openssl tool.

Step 2 Download the openssl binaries for Windows or Linux from the links on the openssl site.

Step 3 Once downloaded, install it. In our case we have installed the exe on Windows.

Step 4 Go to the location where OpenSSL is installed. In the bin folder you will find openssl.exe. We will use this exe for the conversion with the command below. (You may need the import password you used when the SSL certificate was generated.)

Execute the command below in a Windows command prompt (CMD) opened as an administrator.

C:\OpenSSL-Win64\bin>openssl pkcs12 -in "C:\OpenSSL-Win64\bin\test-cloud.cloudvedas.com.pfx" -nodes -out "C:\OpenSSL-Win64\bin\test\test-cloud.cloudvedas.com.pem"

Enter Import Password:

Step 5 In the above command, “-in” is the location where your .pfx certificate is kept and “-out” is the destination where the newly created .pem file should be written. The “-nodes” option writes the private key into the .pem file unencrypted, which is the form ACM requires, so keep that file in a protected location and delete it once the import is done. You can also create a pem file from other certificate formats like .cer, .der, .p7b etc. using openssl. Just explore its help options and execute the command as we have done above.

Step 6 Once the .pem file is created you can open it with Notepad. It will have multiple certificates and a key in it.

Step 7 Now go to AWS ACM console and click on Import a certificate.

Step 8 In the Certificate body field enter the complete certificate, including the BEGIN and END lines, as below. In its description in the .pem file it will have something like friendlyName.

-----BEGIN CERTIFICATE-----

hdshgdhsgjjdghweuiw123hjhd8

-----END CERTIFICATE-----

Step 9 Similarly enter the private key contents as below.

-----BEGIN PRIVATE KEY-----

deuiryfmvfv7682376ruifn3487tdfi58fvnf8g9

-----END PRIVATE KEY-----

Step 10 Similarly enter the Certificate Chain.

-----BEGIN CERTIFICATE-----

yeuiwye78689ywhyeyds85d76ctd7cx7c56x8

-----END CERTIFICATE-----

Step 11 Finally review and save the certificate.

Step 12 Now go to Route 53 > Hosted Zone and create a record set. Check this link if you want to create a new Hosted Zone.

Step 13 Once inside the hosted zone create a record set where you will basically map your friendly URL name (test-cloud.cloudvedas.com) to the load balancer with a CNAME. (refer image below)

Step 14 Now go to Load Balancer section and click on your ELB.

Step 15 Go to the Listeners tab and click on Edit. Click “Add” and in the Load Balancer protocol select HTTPS. In the same window click the “Change” option below SSL certificate.

Step 16 In the new window select Choose an existing certificate from AWS Certificate Manager (ACM), and then select the certificate that you created, from Certificate list. Finally click on Save.
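The split described in Steps 6 to 10, as an added example that is not from the original post: it uses the localKeyID that openssl prints in the Bag Attributes above each block to tell the server certificate from the chain certificates. The function name split_for_acm and the sample bundle are constructed for illustration.

```python
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n.*?-----END (?P=label)-----",
    re.DOTALL)
LOCAL_KEY_ID = re.compile(r"localKeyID:[ \t]*([0-9A-Fa-f ]+)")

# Constructed sample shaped like `openssl pkcs12 -nodes` output (not real key material).
SAMPLE = """Bag Attributes
    friendlyName: Example Intermediate CA (constructed)
-----BEGIN CERTIFICATE-----
CONSTRUCTEDINTERMEDIATE
-----END CERTIFICATE-----
Bag Attributes
    localKeyID: 01 00 00 00
    friendlyName: test-cloud.cloudvedas.com
-----BEGIN CERTIFICATE-----
CONSTRUCTEDLEAF
-----END CERTIFICATE-----
Bag Attributes
    localKeyID: 01 00 00 00
-----BEGIN PRIVATE KEY-----
CONSTRUCTEDKEY
-----END PRIVATE KEY-----
"""


def split_for_acm(bundle):
    """Split `openssl pkcs12 -nodes` output into ACM's three import fields."""
    blocks, prev_end = [], 0
    for m in PEM_BLOCK.finditer(bundle):
        # The text before each block is the "Bag Attributes" header for it.
        kid = LOCAL_KEY_ID.search(bundle[prev_end:m.start()])
        key_id = "".join(kid.group(1).split()).upper() if kid else None
        blocks.append((m.group("label"), key_id, m.group(0) + "\n"))
        prev_end = m.end()
    keys = [b for b in blocks if b[0].endswith("PRIVATE KEY")]
    certs = [b for b in blocks if b[0] == "CERTIFICATE"]
    if len(keys) != 1 or not certs:
        raise ValueError("need exactly one private key and at least one certificate")
    if "ENCRYPTED" in keys[0][0] or "Proc-Type: 4,ENCRYPTED" in keys[0][2]:
        raise ValueError("private key is encrypted; ACM import needs it unencrypted")
    # The leaf certificate shares the key's localKeyID; without attributes,
    # fall back to the first certificate (assumption: leaf is listed first).
    key_id = keys[0][1]
    leaf = next((c for c in certs if key_id and c[1] == key_id), certs[0])
    chain = "".join(c[2] for c in certs if c is not leaf)
    return {"body": leaf[2], "private_key": keys[0][2], "chain": chain}
```

The three returned strings correspond to the Certificate body, Certificate private key and Certificate chain fields of the ACM import form, with the Bag Attributes text stripped.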

Congrats! You have now applied a new SSL certificate to the load balancer. Do let us know in comments section if you have any query.

Solved: How to start or stop Jenkins in Linux and check its port number

In this post we will see how to start or stop Jenkins on different Linux distributions. Also we will see how to check the status of Jenkins service and identify the port on which it is running or listening.

If you have installed Jenkins on a Fedora or Debian based distribution like Ubuntu, you can use the below commands:

Start Jenkins

$ sudo service jenkins start

Stop Jenkins

$ sudo service jenkins stop

Restart Jenkins

$ sudo service jenkins restart

Check Jenkins status

$ sudo service jenkins status

For other Linux distributions like RHEL or CentOS use:

Start Jenkins

$ sudo systemctl start jenkins.service

Stop Jenkins

$ sudo systemctl stop jenkins.service

Restart Jenkins

$ sudo systemctl restart jenkins.service

Check Jenkins status

$ sudo systemctl status jenkins.service

Check Jenkins Port

To check the port on which Jenkins is listening we can use the “lsof” command (check the installation instructions at the end).

[ec2-user@cloudvedas ~]$ sudo /usr/sbin/lsof -i -P | grep -i jenkins
java 1030 jenkins 161u IPv6 27986 0t0 TCP *:8080 (LISTEN)

Above we can see Jenkins is listening on port 8080. The “*” before the port means it is bound to all network interfaces, not just localhost.

If you do not have lsof you can simply install it with the following commands:

Ubuntu

sudo apt-get install lsof

RHEL or CentOS

sudo yum install lsof

How to prepare for AWS Certified SysOps Administrator – Associate

In one of our earlier posts we detailed which AWS certification is suitable for you.

If you are from a System Admin or DevOps background, the AWS Certified SysOps Administrator – Associate certification will be a good plus for you.

If you are an absolute beginner on AWS you can start with the free labs from AWS. To practice further you can create a free AWS account. These two actions will get you started on AWS.

Beware that if you go beyond the free tier limits you will be billed. Best practice is to create a billing alert. This alert can save you from an unexpected bill shock.

If you want to learn further you can opt for either a classroom course or an online course. The classroom course is generally expensive and ranges between USD 600 and 2000, while the online course can cost you anything between USD 10 and USD 300 depending on which course you choose.

Our personal opinion is that you should go for online courses as they are cheaper and if you follow their labs honestly (yeah, not just seeing him do it but actually doing the labs yourself 😉) they can be as good as classroom training.

Among online courses we found the courses from two providers, acloudguru and linux academy, to be good. Earlier the Linux Academy course was only available through their site on a monthly plan, but the same course is now available on Udemy too. The acloudguru course has been available on Udemy for a long time. Both these courses can be purchased from their respective sites under a monthly subscription, but if you buy them from Udemy you pay only once and get lifetime access to the same courses. Udemy also often provides heavy discounts on courses, which can get you a good bargain.

The acloudguru course is delivered by Ryan, who is enthusiastic and teaches really well, though sometimes he can get a bit click happy and quickly zip past a few topics. But you always have the option to rewind and go through the topic again 🙂.

The labs in the course are very useful and help you get a deep understanding of the topics. The course also has quizzes to check your knowledge.

Overall we found the acloudguru course to be beneficial in getting you exam ready.

However, do note that the course alone is not enough to clear the exam. You should go through the whitepapers and FAQs of at least the services below.

  • EC2
  • S3
  • VPC
  • Route 53
  • CloudWatch
  • OpsWorks
  • Billing

Exam pattern

The exam has multiple-choice and multiple-answer questions and lasts 80 minutes. You can download the exam blueprint here.

Practice Exam Questions

To get a good evaluation of your preparation you can go through another course for sample exam questions on Udemy.

Exam Cost

The exam will cost you USD 150. AWS also gives you an option to book a practice exam for USD 20 before you go for the actual exam.

How to book exam

To book an exam you will have to create an account in the AWS Training and Certification Portal.

Passing score

AWS doesn’t reveal the minimum passing score and it keeps on changing. But we have observed that generally people who score above 70% pass the exam. You will immediately see the score on your screen once you finish the test and will also get a report by mail within 1 hour.

Exam Tips

  • Get good sleep and keep calm during the exam.
  • You won’t get more than 3 mins per question.
  • You may find some very long questions in the exam. The best strategy to tackle them is to read the answer options first and then check for the relevant info in the question.
  • Since it’s an AWS exam, look for AWS related options in the answers. Chances are high that a non-AWS related option in the answers will be wrong.
  • AWS exams generally don’t focus on mugging up their datasheets. So you won’t get a question like “How much RAM does a C3.xlarge offer?”.

That’s all folks! Best of luck for the exam!

Do let us know in comments section if you have any query.