Tags: amazon-web-services, ssl, amazon-elb, pki

Terminating SSL at an AWS ELB instance


I need to terminate SSL at an AWS ELB instance. IT/Ops has provided me with a ZIP file with the following contents:

  • DigiCertCA2.pem
  • TrustedRoot.pem
  • wildcard_example_com.crt
  • wildcard_example_com.csr
  • wildcard_example_com.key
  • wildcard_example_com.pem

(In reality the domain is obviously not example.com; but this is a wildcard cert for our own domain.)

According to the ELB/SSL docs:

If you have a certificate ready to upload, select Upload a new SSL Certificate to AWS Identity and Access Management (IAM). Enter the name of the certificate. In Private Key, copy and paste the contents of the private key file (PEM-encoded). In Public Key Certificate, copy and paste the contents of the public key certificate file (PEM-encoded). In Certificate Chain, copy and paste the contents of the certificate chain file (PEM-encoded), unless you are using a self-signed certificate and it's not important that browsers implicitly accept the certificate.

However, I'm not sure which cert is the "Certificate Chain File", or if that is even necessary. I believe these certs are signed by a root/trusted CA (not self-signed).

I have no preference whether I do this in the web console or the AWS CLI tool, but what steps/actions do I need to take with my specific files in order to get the ELB properly configured with SSL?


Solution

  • First, don't do this through the old IAM service method, use the new AWS ACM service to manage the certificate. The ACM service also has a nice web interface for doing this.

    The company you got the cert from should be able to tell you which file is the chain file, and yes, the chain file is required if you want browsers to properly see your SSL certificate as valid. I did a little searching and found this blog post which discusses using Digicert certificates with AWS. It looks like your files are as follows:

    • wildcard_example_com.key = private key file
    • wildcard_example_com.crt = public key file
    • DigiCertCA2.pem and TrustedRoot.pem combined = certificate chain