This is a continuation of Amazon ELB SSL Termination HowTo. Earlier we saw how to set up an Elastic Load Balancer with SSL termination on Amazon. Now we will see how to change the SSL certificate once we renew it or revoke it for some reason.
One of the most versatile SSL tools is OpenSSL, an open source implementation of the SSL protocol. There are versions of OpenSSL for nearly every platform, including Windows, Linux, and Mac OS X. OpenSSL is commonly used to create the CSR and private key for many different platforms, including Apache. However, it also has hundreds of different functions that allow you to view the details of a CSR or certificate, compare an MD5 hash of the certificate and private key (to make sure they match), verify that a certificate is installed properly on any website, and convert the certificate to a different format. A compiled version of OpenSSL for Windows can be found here.
Different platforms and devices require SSL certificates to be converted to different formats. For example, a Windows server exports and imports .pfx files while an Apache server uses individual PEM (.crt, .cer) files.
At my previous company, one of my colleagues and I had to work on the Online Certificate Status Protocol (OCSP). These were the steps that we took to test it. We put this together so that it would help us in the future. If you are testing the same, we hope this might help you. Please do let us know of any changes that are required or steps that need to be added.