Elastic Load Balancing
Developer Guide (API Version 2012-06-01)
Did this page help you?  Yes | No |  Tell us about it...
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Go to the Kindle Store to download this guide in Kindle format.

Update the SSL Certificate for Your Load Balancer

If you are using HTTPS/SSL protocol for your listeners, you might have an SSL server certificate installed on your load balancer. Your SSL certificate comes with a validity period. You must replace the certificate before its validity period ends. To replace the certificate you must first create a new certificate by following the same steps you used when you created your certificate for the first time. For information about creating an SSL certificate and uploading it, see SSL Certificates for Elastic Load Balancing.

The following examples show you how to update an SSL certificate.

Prerequisites

Verify that your certificate meets the prerequisites.

Updating an SSL Certificate Using the Console

To update an SSL certificate for an HTTPS load balancer

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, under NETWORK & SECURITY, click Load Balancers.

  3. Select your load balancer.

  4. In the Listeners tab, click Change in the SSL Certificate column for the certificate.

  5. In the Select Certificate dialog box, do one of the following:

    • If you have already uploaded your SSL certificate using IAM, select Choose an existing SSL Certificates, select the certificate from Certificate Name, and then click Save.

    • If you have an SSL certificate to upload, select Upload a new SSL Certificate. Enter a name for the certificate, copy the required information to the form, and then click Save. Note that the certificate chain is not required if the certificate is a self-signed certificate.

    Update SSL Certificate

Updating an SSL Certificate Using the AWS CLI

To update an SSL certificate for an HTTPS load balancer

  1. If you have an SSL certificate but have not uploaded it, complete the instructions described in Upload the Signed Certificate.

  2. Use the following get-server-certificate command to get the ARN of the certificate:

    aws iam get-server-certificate --server-certificate-name my-new-certificate
  3. Use the following set-load-balancer-listener-ssl-certificate command to set the certificate:

    aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name my-loadbalancer --load-balancer-port 443 --ssl-certificate-id arn:aws:iam::123456789012:server-certificate/my-new-certificate