Configuring ELB for SSL

The next step is to configure the ELB to support SSL using the AWS CLI (instead of the management console):

  1. First, we need to generate security credentials to access AWS services from our development machine. Select My Security Credentials from the account drop-down menu.
  2. Click on the Continue to Security Credentials button.
  3. Next, click on the Create New Access Key button.
  4. Click on the Download Key File button (the file contains your access and secret keys).
  5. Install the AWS CLI by executing the following command:

     pip install awscli --upgrade --user

  6. Include the library in your path by executing the following command (you can include it in a shell script as well):

     export PATH=~/.local/bin:$PATH

  7. Execute the following command using the previously generated certificate and private key files:

     aws iam upload-server-certificate --server-certificate-name a1SelfSignedCertificate --certificate-body file:///Users/aurobindosarkar/Downloads/cert.pem --private-key file:///Users/aurobindosarkar/Downloads/key.pem
     {
       "ServerCertificateMetadata": {
         "ServerCertificateId": "ASCAI3QWEMZYFDPHV4SDA",
         "ServerCertificateName": "a1SelfSignedCertificate",
         "Expiration": "2027-11-27T07:58:58Z",
         "Path": "/",
         "Arn": "arn:aws:iam::450394462648:server-certificate/a1SelfSignedCertificate",
         "UploadDate": "2017-11-29T08:34:12.463Z"
       }
     }

  8. Next, configure the security group to add a custom TCP rule to accept data on port 8443. From the EC2 dashboard, navigate to Load Balancers and click on the Edit security groups option.
  9. In our example, the security group is sq-EC2WebSecurityGroup. Click on Edit in the Inbound tab to add the TCP rule to accept data on port 8443. Delete the Custom TCP Rule on Port Range 8080, as it is being replaced by port 8443.
  10. The next step is to add/configure the private and the public key on the ELB:
    • From the EC2 dashboard, navigate to Load Balancers, click on the Listeners tab, and then click on Edit.
    • From Load Balancer Protocol, select HTTPS protocol.
    • Set the Load Balancer Port to 8443; this is the port we added to our security group in our previous step.
    • From the Instance Protocol, select HTTP; this is the protocol between the ELB and the EC2 instances.
    • Set the Instance Port to 8080; this is the port that Tomcat is listening on.
    • From the Load Balancer Protocol, delete the HTTP protocol as it is not needed anymore.
  11. The next step is to associate the SSL certificate with the ELB. Click on Change under the SSL Certificate:
    • Certificate type: Make sure the option for Choose a certificate from IAM is selected.
    • Certificate: Select the name of the certificate uploaded earlier.
    • Click on the Save button.

This configures the ELB to support the SSL protocol. Test the URL in the browser using the HTTPS protocol.
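
The security group, listener and certificate steps above are done in the console; the same changes can be made with the AWS CLI against a Classic ELB. The script below is an added example, not code from the book: the ELB name, security group ID, source CIDR and the port of the old HTTP listener (assumed to be 8080) are supplied by the caller, and it only prints the commands unless DRY_RUN=0 is set.

```shell
#!/usr/bin/env bash
# Added example: security group, listener and certificate steps via the AWS CLI
# (Classic ELB). DRY_RUN=1 (the default) prints each command instead of running it.
set -eu
DRY_RUN="${DRY_RUN:-1}"

run() {  # execute the command, or print it in dry-run mode
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Sanity check: accept only an IAM server-certificate ARN, the kind returned
# in "Arn" by `aws iam upload-server-certificate`.
is_server_cert_arn() {
  printf '%s\n' "$1" |
    grep -Eq '^arn:aws:iam::[0-9]{12}:server-certificate/[A-Za-z0-9+=,.@_/-]+$'
}

# Listener from the page: HTTPS on 8443 at the ELB, HTTP on 8080 to Tomcat.
listener_spec() {
  is_server_cert_arn "$1" || { echo "not a server-certificate ARN: $1" >&2; return 1; }
  printf 'Protocol=HTTPS,LoadBalancerPort=8443,InstanceProtocol=HTTP,InstancePort=8080,SSLCertificateId=%s' "$1"
}

# Arguments (caller-supplied assumptions, not values from the page):
#   $1 ELB name  $2 security group ID  $3 allowed source CIDR
#   $4 certificate ARN  $5 port of the old HTTP listener (default 8080)
configure_elb_ssl() {
  local elb="$1" sg="$2" cidr="$3" arn="$4" old_port="${5:-8080}" spec
  spec="$(listener_spec "$arn")" || return 1
  # Open 8443 and add the HTTPS listener before removing the HTTP path,
  # so the service is never left without a reachable listener.
  run aws ec2 authorize-security-group-ingress --group-id "$sg" \
      --protocol tcp --port 8443 --cidr "$cidr"
  run aws elb create-load-balancer-listeners --load-balancer-name "$elb" \
      --listeners "$spec"
  run aws elb delete-load-balancer-listeners --load-balancer-name "$elb" \
      --load-balancer-ports "$old_port"
  run aws ec2 revoke-security-group-ingress --group-id "$sg" \
      --protocol tcp --port "$old_port" --cidr "$cidr"
  # Show the resulting listeners so the change can be checked.
  run aws elb describe-load-balancers --load-balancer-names "$elb" \
      --query 'LoadBalancerDescriptions[0].ListenerDescriptions[].Listener'
}

# Run only when all four required arguments are given on the command line.
if [ "$#" -ge 4 ]; then configure_elb_ssl "$@"; fi
```

The revoke call removes a rule only if protocol, port and CIDR match the existing rule exactly, so pass the CIDR that the old 8080 rule actually used.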
