How to add a domain to an existing SSL certificate on AWS

Erich · Apr 3, 2017 · Viewed 8.7k times

I have an SSL certificate associated with a load balancer on Amazon Web Services. I would like to have an additional domain on that certificate. My questions are:

  1. Is it possible to add an additional domain to an EXISTING SSL certificate on AWS? I see that you can add additional names when you create one, but I don't see how to do it with an existing certificate.

  2. If no to 1, is it possible to associate 2 certs with the load balancer? Or do I need to create a new one that includes both domains and replace the cert with the new one?

Thank you for your advice.

Answer

Michael - sqlbot · Apr 4, 2017

It is not possible to do either of these things.

Certificates can never be modified -- that would invalidate them.

Balancers cannot attach more than one certificate to a given listener, and can't have more than one listener on a port.

Your solution is to create a new certificate with all of the needed domain names, and swap them out.
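
The create-and-swap procedure from the answer above, sketched with the AWS CLI as an added example that is not part of the original answer. It assumes the certificate lives in AWS Certificate Manager, the balancer is an Application or Network Load Balancer (`elbv2` listener) and DNS validation is used; the function names and all ARNs and domain names are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example: assumes ACM certificates and an elbv2 (ALB/NLB) listener.
set -eu

# Names on a certificate, one per line.
cert_names() {
  aws acm describe-certificate --certificate-arn "$1" \
    --query 'Certificate.SubjectAlternativeNames[]' --output text | tr '\t' '\n'
}

# Print every name in list $1 that is absent from list $2 (newline-separated).
missing_names() {
  printf '%s\n' "$1" | while IFS= read -r name; do
    [ -n "$name" ] || continue
    printf '%s\n' "$2" | grep -qxF -- "$name" || printf '%s\n' "$name"
  done
}

# replace_listener_cert OLD_CERT_ARN LISTENER_ARN NEW_DOMAIN...
# The body is a subshell, so variables and 'set -f' do not leak to the caller.
replace_listener_cert() (
  [ "$#" -ge 3 ] || { echo "usage: replace_listener_cert OLD_CERT_ARN LISTENER_ARN NEW_DOMAIN..." >&2; exit 2; }
  old_arn=$1; listener_arn=$2; shift 2
  old_names=$(cert_names "$old_arn")
  # Any covered name can be the primary; the first one listed is reused.
  primary=$(printf '%s\n' "$old_names" | head -n 1)
  wanted=$(printf '%s\n' "$old_names" "$@" | sort -u)
  sans=$(printf '%s\n' "$wanted" | grep -vxF -- "$primary" || true)

  set -f  # names such as *.example.com must not be glob-expanded
  # $sans is deliberately unquoted: one argument per name.
  new_arn=$(aws acm request-certificate --domain-name "$primary" \
    --subject-alternative-names $sans --validation-method DNS \
    --query CertificateArn --output text) || exit 1
  set +f

  # Blocks until the DNS validation records exist and ACM has issued the cert.
  aws acm wait certificate-validated --certificate-arn "$new_arn" || exit 1

  # Refuse to swap if the replacement would drop any name.
  missing=$(missing_names "$wanted" "$(cert_names "$new_arn")")
  if [ -n "$missing" ]; then
    echo "new certificate lacks: $missing" >&2
    exit 1
  fi
  aws elbv2 modify-listener --listener-arn "$listener_arn" \
    --certificates CertificateArn="$new_arn" >/dev/null || exit 1
  printf '%s\n' "$new_arn"
)
```

The old certificate is left in place, so it can be deleted once clients are confirmed to receive the new one.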