1
00:00:08,090 --> 00:00:15,269
okay so now we're going to be using the AWS Certificate Manager to create an SSL certificate

2
00:00:15,269 --> 00:00:19,650
and we're going to associate that with our domain that we just

3
00:00:19,650 --> 00:00:25,710
purchased and by doing that we're going to be able to set up HTTPS for encrypted traffic

4
00:00:25,710 --> 00:00:31,949
to our website so we need to go into the AWS Certificate Manager

5
00:00:31,949 --> 00:00:35,930
go to services and Certificate Manager

6
00:00:35,989 --> 00:00:40,860
and if we've never used it before we've got no certificates we'll have a

7
00:00:40,860 --> 00:00:45,180
welcome screen here, we don't want to select private certificate authority

8
00:00:45,180 --> 00:00:49,710
that is not what you want you'll want to select provision certificates and we'll

9
00:00:49,710 --> 00:00:53,640
click on get started there what we want to do is we want to request a public certificate

10
00:00:53,640 --> 00:00:59,070
and we click on request a certificate and what we need to do now

11
00:00:59,070 --> 00:01:10,530
is that we need to add in our domain names so the first one there thedevkid.com

12
00:01:10,530 --> 00:01:15,900
and what we also want to do is actually

13
00:01:15,900 --> 00:01:22,280
have this certificate also for our subdomain as well so we might have a

14
00:01:22,280 --> 00:01:29,939
www.thedevkid.com or we might have user.thedevkid.com or whatever

15
00:01:29,939 --> 00:01:33,869
we can put those all in individually if we like, so we just go in here and add

16
00:01:33,869 --> 00:01:36,570
another name to this certificate so you can see there we could put

17
00:01:36,570 --> 00:01:41,820
in there www.example.com but what I'm going to do is I'm going to use a

18
00:01:41,820 --> 00:01:48,689
wildcard symbol so just a star and then dot and then thedevkid.com or

19
00:01:48,689 --> 00:01:54,030
whatever your domain name is and so what that will do is it will make this certificate

20
00:01:54,030 --> 00:01:58,920
valid for any subdomain as well as the root domain as well

21
00:01:58,920 --> 00:02:03,630
we click on next and we've got two options here, so when Certificate Manager first

22
00:02:03,630 --> 00:02:08,369
came out there was only email validation, it did cause a few problems with a lot of students

23
00:02:08,369 --> 00:02:11,550
because the emails just seem to go missing or they typed in the wrong email

24
00:02:11,550 --> 00:02:14,920
when they were doing this certificate

25
00:02:14,920 --> 00:02:19,960
this lab is being recreated using the new DNS validation method which I think

26
00:02:19,960 --> 00:02:25,060
is a lot quicker and easier and what it does is that because we need to

27
00:02:25,060 --> 00:02:30,940
establish an association between our domain name and this certificate what we

28
00:02:30,940 --> 00:02:36,190
do is the Certificate Manager gives us some records that we need to put

29
00:02:36,190 --> 00:02:40,780
into our domain name service and then the Certificate Manager can pick those

30
00:02:40,780 --> 00:02:45,940
up and by doing that it can identify that we do actually have

31
00:02:45,940 --> 00:02:52,480
power over that domain, so we click on review and we can see here we've got our

32
00:02:52,480 --> 00:02:56,230
domain name and our additional name being our wildcard symbol for all these

33
00:02:56,230 --> 00:03:01,000
subdomains and our validation method there is DNS, we click on confirm and

34
00:03:01,000 --> 00:03:07,900
request, okay so it'll take a few seconds to get things happening

35
00:03:07,900 --> 00:03:14,140
so there it is now because we've selected DNS validation we need to create records in Route 53

36
00:03:14,140 --> 00:03:19,780
now there is actually an easier way, we can actually export these by just

37
00:03:19,780 --> 00:03:23,050
downloading this file which will have all those details for us, but there is a

38
00:03:23,050 --> 00:03:28,269
much easier way and that is simply by expanding these domains and in there

39
00:03:28,269 --> 00:03:35,019
you've got the name and the CNAME record type and whatever and we can actually

40
00:03:35,019 --> 00:03:38,200
have the Certificate Manager do it for us so we just click on create record in

41
00:03:38,200 --> 00:03:46,630
Route 53 and it'll ask us if that's ok and we just click on create and it says

42
00:03:46,630 --> 00:03:50,650
success so the DNS record was written to your Route 53 hosted zone for that

43
00:03:50,650 --> 00:03:54,880
domain it takes up to 30 minutes for that to propagate across the internet

44
00:03:54,880 --> 00:04:00,040
and then the Certificate Manager can pick that up now we should also do that

45
00:04:00,040 --> 00:04:04,269
for the wildcard domain but we don't need to because they are exactly the

46
00:04:04,269 --> 00:04:09,130
same record so you can see here that is exactly the same as that and that is

47
00:04:09,130 --> 00:04:12,010
exactly the same as that, so we don't need to do anything we just need to do

48
00:04:12,010 --> 00:04:15,160
that once to put that one record, if we do it twice it's just going to override

49
00:04:15,160 --> 00:04:23,650
the other record, okay so we click on continue and that will take us to

50
00:04:23,650 --> 00:04:27,380
the certificate dashboard which will all of our certificates so we've already

51
00:04:27,380 --> 00:04:31,370
got one there it's pending validation and it'll take about half an hour so you

52
00:04:31,370 --> 00:04:35,330
go away have a cup of coffee whatever you want to do and just come back and

53
00:04:35,330 --> 00:04:43,250
just click on refresh icon here until it's been validated

54
00:04:43,250 --> 00:04:48,920
okay so it's been about 20 minutes or so and after clicking the Refresh icon we can see

55
00:04:48,920 --> 00:04:54,260
that the status is now issued so that brings us to the end of this part of the

56
00:04:54,260 --> 00:04:58,550
lab coming up next we'll be creating a CloudFront distribution which we'll be

57
00:04:58,550 --> 00:05:05,240
putting in front of our static website and that will help us to have really low

58
00:05:05,240 --> 00:05:10,520
latency high-speed access to our website no matter where in the globe we are

59
00:05:10,520 --> 00:05:15,100
actually located, so I'll see you in the next one