Posts

Showing posts with the label Ssl Certificate

Apache's Deprecated SSLCertificateChainFile Directive (AH02559)

Answer : Given that you're using this in your apache config:

    SSLCertificateFile /etc/apache2/cert/ssl.crt
    SSLCertificateKeyFile /etc/apache2/cert/ssl.key

The /etc/apache2/cert/ssl.crt file should contain

- certificate of e.g. yourdomain.com
- certificate of first intermediate CA, signed by root CA (e.g. StartCom Class 1 Primary Intermediate Server CA)
- certificate of second intermediate CA, signed by first intermediate CA (if there is a second intermediate CA in your certificate chain)

You need to put all intermediate CAs' certificates in the crt file. Depending on the certificate chain of your certificate there will be a varying number of CAs involved.

You don't even need to add the root CA, as it has to be in the trust store of any clients, otherwise clients will get an error page. Also, if you add it to your chain, it will just be additional overhead for establishing SSL connections, as it has to be transferred for every new SSL session. Actually most client...

AWS: Custom SSL Certificate Option Is Disabled In CloudFront, But I Created A SSL Certificate Using AWS Certificate Manager

Answer : Certificates that will be used with an Application Load Balancer (ELB/2.0) need to be created in ACM in the same region as the balancer.

Certificates that will be used with CloudFront always need to be created in us-east-1.

    To use an ACM Certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region. ACM Certificates in this region that are associated with a CloudFront distribution are distributed to all the geographic locations configured for that distribution.

    – http://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html

The reason for this is that CloudFront doesn't follow the regional boundary model in AWS. CloudFront edge locations are all over the globe, but are configured and managed out of us-east-1 -- think of it as CloudFront's home region. Once a distribution reaches the Deployed state, it is not operationally dependent on us-east-1, but during provisioning, everything originates from that ...