Wildcard certificates allow you to use unlimited sub-domains with HTTPS/SSL. Typically, if you have 5 or more sub-domains, it is cheaper to buy one wildcard certificate than individual sub-domain SSL certificates.
Setting up a wildcard certificate on Amazon AWS requires purchasing the certificate first. The resulting files are converted to PEM format using the openssl command line tool. To upload the certificates to Amazon AWS you need to use the AWS command line tool. Once the certificates are on AWS you can use them for Elastic Beanstalk, Elastic Load Balancers and serving S3 assets through CloudFront using your own alternate sub-domain.
Make sure you have an admin email user for the domain (e.g. email@example.com).
To complete your purchase of the wildcard, copy the contents of geoffcorey.com.csr into the Comodo order and you will be emailed a zip file containing the following files:
Now we need the public and private key in PEM format.
Now that we have a wildcard certificate, we need to add it to our Amazon AWS account and make 2 versions. The first version is what we will use for Amazon Elastic Beanstalk and Elastic Load Balancers. The second version is uploaded slightly differently and is used by Amazon CloudFront to serve S3 assets using our domain with SSL.
There are various ways to install the Amazon command line tool. I am using Linux with Python's pip.
Create IAM credentials on AWS and get your access key and secret access key. Configure the awscli tool to use your IAM credentials via
The first copy is for server use, such as Elastic Beanstalk or Elastic Load Balancers.
The second copy is used if you want an alternate domain name with Amazon CloudFront to serve your S3 assets under your own domain name. Note the use of the --path option.
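The two uploads described above, preceded by checks that the private key is unencrypted PEM and actually belongs to the certificate, as an added example that is not code from the original post. The function names, the `DRY_RUN` variable and the file arguments are assumptions; the certificate names geoffcorey.com and geoffcorey.com-cloudfront are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, DRY_RUN and the
# file arguments are assumptions; the two certificate names follow the post.

# True only for a PEM private key with no passphrase (IAM needs it unencrypted).
is_plain_pem_key() {
  grep -Eq -- '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$1" &&
    ! grep -q 'ENCRYPTED' "$1"
}

# True only if the key and certificate carry the same public key.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Upload the certificate twice: NAME for Elastic Beanstalk / ELB and
# NAME-cloudfront for CloudFront. Prints the commands unless DRY_RUN=0.
upload_wildcard() {  # usage: upload_wildcard NAME CERT KEY CHAIN
  is_plain_pem_key "$3" || { echo "private key must be unencrypted PEM" >&2; return 1; }
  key_matches_cert "$3" "$2" || { echo "key does not match certificate" >&2; return 1; }
  chmod 600 "$3"  # private key readable by its owner only
  run=echo
  if [ "${DRY_RUN:-1}" = 0 ]; then run=; fi
  for suffix in "" "-cloudfront"; do
    # CloudFront only accepts IAM certificates whose path starts with /cloudfront/.
    if [ -n "$suffix" ]; then path="--path /cloudfront/"; else path=""; fi
    $run aws iam upload-server-certificate \
      --server-certificate-name "$1$suffix" \
      --certificate-body "file://$2" --private-key "file://$3" \
      --certificate-chain "file://$4" $path
  done
}

# Stand-alone use: sh upload.sh geoffcorey.com cert.pem key.pem chain.pem
if [ "$#" -eq 4 ]; then upload_wildcard "$@"; fi
```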
Go to your Elastic Beanstalk app and click Configuration->Load Balancing.
Set your Secure Listener Port as 443 and Protocol HTTPS and SSL Certificate ID to geoffcorey.com.
Go to the AWS CloudFront Manager, click your CloudFront distribution and edit General.
Set your Alternate Domain Name to the sub-domain you set up in Route 53. In my case I will use media.geoffcorey.com. Then, for the SSL Certificate, select geoffcorey.com-cloudfront. It is very important that you select Only Clients that Support Server Name Indication (SNI) or Amazon will charge you an additional $600/mo.
Details can be found in the developer documentation.