Creating a Self-Signed SSL Certificate for an Amazon ELB

  1. Generate a Private Key
     The private key is used to decrypt messages sent to the server. Keep this safe and secret! Use any password when prompted (we’ll remove it later).
     openssl genrsa -des3 -out domain.key 2048
  2. Generate a Certificate Signing Request (CSR)
     The CSR contains the public key, used to encrypt messages, and information about the application that the end user (visitor) can see, so enter the information accordingly.
     openssl req -new -key domain.key -out domain.csr
  3. Remove the Password from the Private Key
     cp domain.key domain.key.password
     openssl rsa -in domain.key.password -out domain.key
  4. Generate the Certificate
     Make sure to set the number of days before expiration (set to 1 year below).
     openssl x509 -req -days 365 -in domain.csr -signkey domain.key -out domain.crt
  5. Open the AWS Console to upload your certificate
    1. Open the AWS Console
    2. Open the EC2 Dashboard then view “Load Balancers”
    3. Select any load balancer or create a new one (You don’t have to assign it to this ELB)
    4. Click on the Listeners tab of the load balancer
    5. Select HTTPS for a new listener and under SSL Certificate click “Select”
    6. Choose “Upload a new SSL Certificate” and give it a name
  6. Copy the Private Key to the “Private Key” field
    1. Output the private key to the command line
       openssl rsa -in domain.key -text
    2. Copy everything from the “Begin” to the “End” tags (inclusive)
  7. Copy the Certificate to the “Public Key Certificate” field
    1. Output the certificate to the command line
       openssl x509 -inform PEM -in domain.crt
    2. Copy everything from the “Begin” to the “End” tags (inclusive)
  8. Save the SSL Cert in AWS
  9. Assign this certificate to this or another ELB or within Elastic Beanstalk
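
Before pasting into the console in steps 6 and 7, it is worth confirming that the key is no longer passphrase-protected, that it belongs to the certificate, and that the certificate has not expired. The script below is an added example, not part of the original post; the function names, the CN example.test and the 2048-bit threshold are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. CN and file names are constructed.

make_selfsigned() {            # $1 = output dir, $2 = common name, $3 = days valid
    openssl genrsa -out "$1/domain.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/domain.key" -subj "/CN=$2" -out "$1/domain.csr" &&
    openssl x509 -req -days "$3" -in "$1/domain.csr" \
        -signkey "$1/domain.key" -out "$1/domain.crt" 2>/dev/null
}

key_is_unencrypted() {         # $1 = key file; the empty passphrase avoids a prompt
    openssl rsa -in "$1" -passin pass: -noout 2>/dev/null
}

key_matches_cert() {           # $1 = key file, $2 = cert file
    local k c
    k=$(openssl rsa -in "$1" -passin pass: -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ "$k" = "$c" ]            # same RSA modulus means same key pair
}

cert_key_bits() {              # $1 = cert file; prints the public key size in bits
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

preflight() {                  # $1 = key file, $2 = cert file; prints first failure
    key_is_unencrypted "$1" || { echo "key is still passphrase-protected"; return 1; }
    key_matches_cert "$1" "$2" || { echo "key does not match certificate"; return 2; }
    # Assumption of this example: treat anything under 2048 bits as too short.
    [ "$(cert_key_bits "$2")" -ge 2048 ] 2>/dev/null ||
        { echo "key under 2048 bits"; return 3; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null ||
        { echo "certificate expired"; return 4; }
    echo "ok"
}

# Demo on a throwaway pair in a temp directory.
demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir" example.test 365 &&
    preflight "$demo_dir/domain.key" "$demo_dir/domain.crt"
rm -rf "$demo_dir"
```

Run `preflight domain.key domain.crt` against your own files; it prints `ok` only when all four checks pass.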
