Was searching for a way to get it done via the AWS web console, but that didn’t end up fruitful, so had to resort to their CLI tools. In addition, the ELB was already in production use, which meant discarding and recreating it wasn’t really an option.
Prerequisites for the subsequent steps are the ELB API Tools and IAM Command Line Toolkit (which has to be configured with your AWS keys).
- Run ‘iam-servercertlistbypath’ in the bin dir for IAMCLI (e.g. IAMCli-1.2.0\bin). This should give you a list of your SSL certs which are already in your AWS account.
- Run ‘elb-create-lb-listeners <lb-name> --headers --listener "lb-port=443,instance-port=<port>,protocol=https,cert-id=<cert-name>" --region=<aws-region>’ in the bin dir for ELB API Tools (e.g. ElasticLoadBalancing-1.0.15.1\bin). Replace:
  - <lb-name>: your ELB name
  - <port>: your EC2 instance port
  - <cert-name>: your SSL cert in your AWS account
  - <aws-region>: the region your ELB resides in (this seems to be missing from a lot of docs and was a major pain – I was retrieving empty result lists without this specified)
Something related to ELB which I had to look at some time back, which used these CLI tools, was updating of expiring SSL certs. It’s been documented here now so I won’t be repeating it again! :)