Requesting and Installing TLS Certificates
cthulhuplus edited this page May 20, 2022
·
3 revisions
There are several different ways to do this: you can use a website, or you can run OpenSSL commands (More steps).
From CMS Help Desk circa 2022
You can get the SSL certificate through the IUSG-DOM team by:
1. Submitting a request via the CMS Connect portal
Select Request then click “View All”
Select “Operations and Hosting”
Select “SSL Certificates”
Choose the appropriate certificate
Complete the form
Click “Submit” when completed
2. Sending an email to the CMS-DOMSSLCert mailbox at DOMSSLCert@cms.hhs.gov
Required information:
Name of requestor
CMS business owner component
CMS business owner POC
Email contact
The certificate signing request (CSR) file.
For more detailed instructions, please refer to Requesting SSL/TLS certificates
Once the SSL certificate is obtained, please import it to AWS Certificate Manager (ACM). To learn more about how to use the ACM to manage your certificates feel free to review our Importing certificates into ACM
CMS Cloud does provide one-time training to teach your team how to create a CSR, upload the new certificate into ACM, and push the certificate to your systems. Please comment in this ticket to take advantage of the training.
- Log into AWS and go to AWS Certificate Manager, ACM.
- Click on Import
- Copy and paste in the certificate you received from the cert issuer
- Copy and paste the private key that you generated along with the CSR as a part of requesting the certificate
- Copy and paste the Certificate chain that you received from the cert issuer
- Once the certificate has been imported, navigate to CloudFront
- Click Distributions and pick/click the domain/distribution where you want to install the new cert
- Under General > Settings, pick the new cert from the "Custom SSL certificate - optional" drop down
- Next navigate to EC2 > Load Balancers and choose the load balancer you need to update the certs on
- Navigate to the Listeners tab, select the Listener you want to edit, and click Edit next to Add Listener
- Navigate to Secure Listener Settings > Default SSL/TLS Certificate and select the new cert from the drop down
- Go back to EC2 > Load Balancers, select the same Load Balancer and go back to the Listeners tab
- Click View/Edit Certificate on 443
- Click the + at the top of the page, select the new certs, remove the old certs
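
The CSR step and the ACM import steps above can also be done from a shell. This is an added example, not part of the original wiki page or the CMS instructions: it creates the key and CSR with OpenSSL, confirms that the issued certificate belongs to that private key before anything is pasted or uploaded, and then imports with the AWS CLI. The file names, common name and the 2048-bit RSA key size are assumptions.

```shell
#!/usr/bin/env bash
# Added example. File names, the common name and the RSA-2048 key size are
# assumptions; adjust them to what the certificate request form asks for.

# Create a private key (readable only by the owner) and a CSR for it.
# Only the CSR is sent with the request; the key never leaves this host.
# Usage: make_csr <common-name> <key-out> <csr-out>
make_csr() {
  local cn="$1" key="$2" csr="$3"
  ( umask 077
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$key" 2>/dev/null ) || return 1
  openssl req -new -key "$key" -subj "/CN=${cn}" -out "$csr"
}

# Succeed only if the certificate carries the public key that belongs to
# the private key. A mismatch means the wrong key or the wrong cert was
# picked up, which ACM would reject at import time.
# Usage: cert_matches_key <cert.pem> <key.pem>
cert_matches_key() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Import into ACM, refusing to call AWS if the pair does not match.
# Usage: import_to_acm <cert.pem> <key.pem> <chain.pem>
import_to_acm() {
  if ! cert_matches_key "$1" "$2"; then
    echo "certificate does not match private key; not importing" >&2
    return 1
  fi
  aws acm import-certificate \
    --certificate "fileb://$1" \
    --private-key "fileb://$2" \
    --certificate-chain "fileb://$3"
}

# Typical sequence (placeholders):
#   make_csr app.example.gov app.key app.csr      # send app.csr with the request
#   import_to_acm issued.pem app.key chain.pem    # after the cert comes back
```

The import prints the new certificate ARN, which is the certificate to select in the CloudFront and load balancer steps.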