HTTPS: Create a TLS Certificate
We will walk you through the process of creating a TLS certificate in this lesson.
As things stand, our application is responding to unencrypted HTTP traffic. In the real world, we want to protect any data as it traverses the network. To do that, we must encrypt our traffic and serve it over HTTPS.
We’ll also take this as an opportunity to practice the two-phase change process discussed in Multi-phase deployments, giving anyone using our HTTP endpoint the chance to migrate to HTTPS before we turn off HTTP.
Creating the certificate
Requesting a certificate is an infrequent operation that requires human intervention for validation (or more automation than makes sense, for a process that happens only once). Therefore, we’re going to create our certificate manually. To start, let’s visit the AWS Certificate Manager (ACM) console and hit Request a certificate. Then, let’s select the public certificate option.
Next, let’s enter our bare domain (e.g., the-good-parts.com) as well as a wildcard version of the domain (e.g., *.the-good-parts.com). The wildcard will cover our prod and staging subdomains.
Now, we must validate that we control the domain. ACM offers DNS or email validation.
If you choose DNS validation, you will reach a Validation step that asks you to add a CNAME record to your DNS hosted zone. If you registered your domain through Route 53, you can simply click the Create record in Route 53 button to complete the validation process. Otherwise, you have to add the requested record at your DNS hosting provider.
It usually takes a few minutes for the certificate to be validated. Once it is validated, you should see your issued certificate in the ACM console.
You can also inspect the CNAME record that was added to your hosted zone in Route 53.
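The same request, DNS validation and Route 53 record creation can be scripted with the AWS CLI. The script below is an added example, not part of this lesson; it assumes a configured AWS CLI, that the hosted zone for the domain already exists in Route 53, and uses the-good-parts.com as the placeholder domain.

```shell
#!/bin/sh
# Added example (not from the lesson): request a certificate for the bare domain
# plus its wildcard, publish ACM's validation CNAME in Route 53, wait for issuance.
# Assumes a configured AWS CLI and an existing Route 53 hosted zone for DOMAIN.
set -eu

DOMAIN="${DOMAIN:-the-good-parts.com}"   # placeholder domain; override via env

# Build the Route 53 change batch for ACM's validation CNAME.
# Pure function (no network) so the JSON shape can be checked offline.
# $1 = record name from ACM, $2 = record value from ACM
validation_change_batch() {
  printf '{"Comment":"ACM DNS validation","Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"%s","Type":"CNAME","TTL":300,"ResourceRecords":[{"Value":"%s"}]}}]}' "$1" "$2"
}

request_and_validate() {
  arn=$(aws acm request-certificate \
      --domain-name "$DOMAIN" \
      --subject-alternative-names "*.$DOMAIN" \
      --validation-method DNS \
      --query CertificateArn --output text)
  # ACM needs a moment before DomainValidationOptions carries the CNAME.
  sleep 10
  # The bare and wildcard names share one validation record, so [0] suffices.
  set -- $(aws acm describe-certificate --certificate-arn "$arn" \
      --query 'Certificate.DomainValidationOptions[0].ResourceRecord.[Name,Value]' \
      --output text)
  zone_id=$(aws route53 list-hosted-zones-by-name --dns-name "$DOMAIN" \
      --query 'HostedZones[0].Id' --output text)
  validation_change_batch "$1" "$2" > /tmp/acm-validation.json
  aws route53 change-resource-record-sets --hosted-zone-id "$zone_id" \
      --change-batch file:///tmp/acm-validation.json
  # Blocks until the certificate status is ISSUED (the waiter times out otherwise).
  aws acm wait certificate-validated --certificate-arn "$arn"
  echo "$arn"
}

# Only touch AWS when invoked with --run; sourcing the file just defines functions.
if [ "${1:-}" = "--run" ]; then
  request_and_validate
fi
```

The CNAME must land in the hosted zone that is authoritative for the domain; if the zone is hosted elsewhere, feed the same Name and Value to that provider instead of Route 53.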
Now, we will add an HTTPS endpoint to our application in the next lesson.