The application should not concern itself over HTTPS negotiations and therefore is handled at the AWS level.
- Locate the appropriate ELB
- Add listener for 443 on the ELB to 443 on the instance.
- Add a listener for 443 to 444 if all traffic should be redirected to 443.
- Upload appropriate private key & certificate chain in PEM-encoded format with the password removed.
- Enjoy the HTTPS site. :)