Replacing the SSL Certificate Used by an HTTPS or SSL Load Balancer

You can specify a new SSL certificate to use by a load balancer with SSL termination.

This certificate replaces the certificate used by HTTPS or SSL listeners of the specified load balancer. It must be an x509-format certificate uploaded in Elastic Identity Management (EIM).

The following x509 certificate formats are supported: x509, PEM, CER, CRT, CSV, RSA, and TXT.

Replacing the SSL Certificate Used by an HTTPS or SSL Load Balancer Using OSC CLI

Before you begin: Upload an SSL server certificate in Elastic Identity Management (EIM). For more information, see Uploading a Server Certificate.

The UpdateLoadBalancer command modifies the specified attribute of a load balancer. You can specify only one attribute at a time.

You can set a new SSL certificate to an SSL or HTTPS listener of a load balancer.
This certificate replaces any certificate used on the same load balancer and port.

You can also replace the currently enabled policy for the load balancer with another one.
If the PolicyNames parameter is empty, the currently enabled policy is disabled.

Request sample: Updating SSL certificate
$ osc-cli api UpdateLoadBalancer --profile "default" \
    --LoadBalancerName "private-lb-example" \
    --LoadBalancerPort 443 \
    --ServerCertificateId "orn:ows:idauth::012345678910:server-certificate/AnotherCertificate"

This command contains the following attributes that you need to specify:

  • DryRun: (optional) If true, checks whether you have the required permissions to perform the action.

  • LoadBalancerName: The name of the load balancer.

  • LoadBalancerPort: (optional) The port on which the load balancer is listening (between 1 and 65535, both included). This parameter is required if you want to update the server certificate.

  • ServerCertificateId: (optional) The Outscale Resource Name (ORN) of the server certificate. For more information, see Resource Identifiers > Outscale Resource Names (ORNs). If this parameter is specified, you must also specify the LoadBalancerPort parameter.

The UpdateLoadBalancer command returns the following elements:

  • LoadBalancer: Information about the load balancer.

  • ResponseContext: Information about the context of the response.

Result sample: Updating SSL certificate
{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "LoadBalancer": {
    "Tags": [],
    "SourceSecurityGroup": {
      "SecurityGroupName": "security-group-example",
      "SecurityGroupAccountId": "123456789012"
    },
    "SecuredCookies": false,
    "PublicIp": "192.0.2.0",
    "Subnets": [
      "subnet-12345678"
    ],
    "NetId": "vpc-12345678",
    "BackendVmIds": [],
    "ApplicationStickyCookiePolicies": [],
    "SecurityGroups": [
      "sg-12345678"
    ],
    "LoadBalancerType": "internet-facing",
    "AccessLog": {
      "PublicationInterval": 60,
      "IsEnabled": false
    },
    "DnsName": "private-lb-example.123456789.eu-west-2.lbu.outscale.com",
    "HealthCheck": {
      "UnhealthyThreshold": 2,
      "Timeout": 5,
      "CheckInterval": 30,
      "Protocol": "TCP",
      "HealthyThreshold": 10,
      "Port": 80
    },
    "LoadBalancerStickyCookiePolicies": [],
    "SubregionNames": [
      "eu-west-2a"
    ],
    "Listeners": [
      {
        "ServerCertificateId": "orn:ows:idauth::012345678910:server-certificate/AnotherCertificate",
        "BackendPort": 80,
        "BackendProtocol": "HTTP",
        "LoadBalancerPort": 443,
        "LoadBalancerProtocol": "HTTPS"
      }
    ],
    "LoadBalancerName": "private-lb-example"
  }
}

Replacing the SSL Certificate Used by an HTTPS or SSL Load Balancer Using AWS CLI

Before you begin: Upload an SSL server certificate in Elastic Identity Management (EIM). For more information, see Uploading a Server Certificate.

To replace the server certificate used by a load balancer, use the set-load-balancer-listener-ssl-certificate command following this syntax:

Request sample
$ aws elb set-load-balancer-listener-ssl-certificate \
    --profile YOUR_PROFILE \
    --load-balancer-name my-load-balancer \
    --load-balancer-port 443 \
    --ssl-certificate-id arn:aws:iam::123456789000:server-certificate/division/subdivision/my-server-certificate \
    --endpoint https://lbu.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

  • (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.

  • load-balancer-name: The name of the load balancer.

  • load-balancer-port: The port using the SSL certificate.

  • ssl-certificate-id: The OUTSCALE Resource Name (ORN) of the certificate. For more information, see Getting Information About a Server Certificate.

  • endpoint: The endpoint corresponding to the Region you want to send the request to.

The specified server certificate replaces the one used by the HTTPS listeners of the load balancer.

Related Page

Corresponding API Methods

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.