SSL certificates and AWS Elastic Load Balancers
So I had a couple of issues when trying to upload my SSL certificates to AWS Load Balancers. I had a .pfx file and struggled to upload it. I thought I'd share how I (eventually) got it working.
Export the relevant files from the .pfx file you have by using the following commands:
Get the private key
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
Get the certificate
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
Remove the password from the private key
openssl rsa -in key.pem -out server.key
Create the certificate chain file. Now it appears this is where I had most problems of all. The chain file needs to be in a very specific order, and not only that, any intermediate certificates that are not relevant need to be removed, otherwise it will not work. This generally means the file needs to be in reverse order to the ones you get from your provider i.e. the root file goes last and the last intermediate cert goes first.
Add the certificate. Now this is the tricky part. I gave up on the management console, so used the IAM tools instead to do this.
iam-servercertupload -b <certificate location> -c <chain location> -k <private key> -s <name for AWS>
I found this site here https://www.ssllabs.com/ssltest/index.html which is really useful in testing your SSL setup. It tells you things like when your certificate chain is wrong and the like.
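The chain ordering rule above can also be checked locally before uploading. The script below is an added example, not part of the original post: the function names and the script name check.sh are assumptions, and it expects cert.pem, a chain file, and the unencrypted server.key produced by the earlier steps.

```shell
#!/bin/sh
# Added example; function names and file arguments are illustrative.

# Succeeds when chain.pem is ordered so that entry 1 issued the server
# certificate, entry 2 issued entry 1, and so on up to the root.
# Compares issuer/subject name hashes only; signatures are not verified.
check_chain_order() {
    leaf=$1 chain=$2 rc=0 i=1
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate: c1.pem, c2.pem, ...
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/c" n ".pem") }' "$chain"
    if [ ! -f "$tmp/c1.pem" ]; then
        echo "no certificates found in $chain"; rc=1
    fi
    prev=$leaf
    while [ -f "$tmp/c$i.pem" ]; do
        want=$(openssl x509 -in "$prev" -noout -issuer_hash)
        have=$(openssl x509 -in "$tmp/c$i.pem" -noout -subject_hash)
        if [ "$want" != "$have" ]; then
            echo "chain entry $i did not issue the certificate before it"
            rc=1; break
        fi
        prev="$tmp/c$i.pem"; i=$((i + 1))
    done
    rm -rf "$tmp"
    return $rc
}

# Succeeds when the unencrypted private key belongs to the certificate.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# Usage: sh check.sh cert.pem chain.pem server.key
if [ $# -eq 3 ]; then
    check_chain_order "$1" "$2" && key_matches_cert "$3" "$1" &&
        echo "chain order and key look consistent"
fi
```

An unrelated intermediate left in the chain file fails the same check, because it breaks the issuer-to-subject link at its position.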
Written by James Toyer
1 Response
The sentence in this post "This generally means the file needs to be in reverse order to the ones you get from your provider i.e. the root file goes last and the last intermediate cert goes first." just cured my headache. Thank you.