
SSL key Renewal

Renewal of Certificate
1. Log in to http://in.godaddy.com/
2. Click on the SSL tab <SSL CERTIFICATES>
3. Click on the Manage button to renew
4. Under Certificate Details, the Status will show a Renew certificate link; click on it
5. The CSR <Default> will already be filled in because we are RENEWING the certificate. Add a Subject
Alternative Name (SAN) if we need the certificate to cover sub-domains as well, then
scroll down, accept the Subscriber Agreement and click on Request Certificate.
6. The Certificate Request Verification page will appear. On this page we need to verify that we have
control over these domains using an HTML page or a TXT record
(Note: if we have purchased the domains in GoDaddy it will auto-verify, and it will take 5 to 10
minutes)
Download the certificates for both httpd and tomcat

Uploading Certificate in Load Balancer

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

In the navigation pane, under LOAD BALANCING, click Load Balancers.

Select your load balancer.

In the Listeners tab, click Change in the SSL Certificate column for the certificate.

In the Select Certificate dialog box, do the following:

If you have an SSL certificate to upload, select Upload a new SSL Certificate. Enter a name for
the certificate, copy the required information to the form, and then click Save. Note that the
certificate chain is not required if the certificate is a self-signed certificate.

Certificate name format: <platform_name_year-year>

Example: Prizzma-2015-16

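Private Key should contain the contents of your server's private key file.
If we don't have the private key as a separate file, we have to extract it from the .p12 file with this command.
The -nodes option writes the key unencrypted, so keep private.pem readable only by its owner.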

openssl pkcs12 -in prizzma2015.p12 -clcerts -nodes -nocerts -out private.pem

Public Key Certificate should contain the contents of the key/crt file from the SSL provider
Certificate Chain should contain the contents of the gd-bundle key/crt file from the SSL provider
Note: these values should be copied from the httpd/apache files which we downloaded from the
SSL provider (GoDaddy)

Uploading Certificate in tomcat (PKCS 12)


Download the certificate from GoDaddy specific to tomcat and extract it, then execute the command below to
create the .p12 file

openssl pkcs12 -export -chain -CAfile <gd_bundle-g2-g1.crt> -in <publicfile.crt> -inkey <private.key> -out <outket.p12> -name tomcat -passout pass:<changeit>

-CAfile should point to the gd-bundle file
-in should point to the public key/crt file
-inkey should point to the private key of our server
pass: should contain your password
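
The script below is an added example, not part of the original procedure: before uploading to the load balancer or building the tomcat .p12, it confirms that the private key matches the certificate and that the certificate chains to the bundle, then runs the export command above. The function names, the P12_PASS variable and the throwaway demo CA are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: pre-upload checks for the key, certificate and gd-bundle chain.

# key_matches_cert KEY CERT: true only if the private key belongs to the certificate.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# chain_verifies BUNDLE CERT: true only if CERT chains to a CA in BUNDLE.
chain_verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# build_tomcat_p12 BUNDLE CERT KEY OUT: run both checks, then the export command
# from the page. The password is read from $P12_PASS (env: keeps it out of the
# process list, unlike pass:), and umask 077 keeps the .p12 owner-readable only.
build_tomcat_p12() {
    key_matches_cert "$3" "$2" || { echo "key does not match certificate" >&2; return 1; }
    chain_verifies "$1" "$2" || { echo "certificate does not chain to bundle" >&2; return 1; }
    ( umask 077
      openssl pkcs12 -export -chain -CAfile "$1" -in "$2" -inkey "$3" \
          -out "$4" -name tomcat -passout env:P12_PASS )
}

# make_demo_material DIR: constructed throwaway CA, site key/cert and an unrelated key.
make_demo_material() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/site.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/site.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Demo run on the constructed material.
demo=$(mktemp -d) && make_demo_material "$demo"
export P12_PASS=changeit   # constructed password for the demo only
build_tomcat_p12 "$demo/ca.crt" "$demo/site.crt" "$demo/site.key" "$demo/site.p12" \
    && echo "matching key: p12 written"
build_tomcat_p12 "$demo/ca.crt" "$demo/site.crt" "$demo/other.key" "$demo/bad.p12" \
    || echo "unrelated key: refused"
rm -rf "$demo"
```

With real files, call build_tomcat_p12 with the gd-bundle, the public crt, the private key and the output path, after setting P12_PASS.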
