Last Updated: February 25, 2016
· jamestoyer

SSL certificates and AWS Elastic Load Balancers

So I had a couple of issues when trying to upload my SSL certificates to AWS Load Balancers. I had a .pfx file and struggled to upload it. I thought I'd share how I (eventually) got it working.

  1. Export the relevant files from the .pfx file you have by using the following commands

    Get the private key

    openssl pkcs12 -in filename.pfx -nocerts -out key.pem

    Get the certificate

    openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

    Remove the password from the private key

    openssl rsa -in key.pem -out server.key
  2. Create the certificate chain file. Now it appears this is where I had most problems of all. The chain file needs to be in a very specific order, and not only that, any intermediate certificates that are not relevant need to be removed, otherwise it will not work. This generally means the file needs to be in reverse order to the ones you get from your provider, i.e. the root file goes last and the last intermediate cert goes first.

  3. Add the certificate. Now this is the tricky part. I gave up on the management console, so I used the IAM tools instead to do this.

    iam-servercertupload -b <certificate location> -c <chain location> -k <private key> -s <name for AWS>

I found this site here https://www.ssllabs.com/ssltest/index.html which is really useful in testing your SSL setup. It tells you things like when your certificate chain is wrong and the like.
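
An added example, not part of the original post: a local check, run before the upload in step 3, that each entry in the chain file is the issuer of the certificate before it (the ordering step 2 describes) and that the private key belongs to the certificate. `cert.pem` and `server.key` are the files from step 1; the chain file name `chain.pem`, the script name and the function names are assumptions.

```shell
#!/bin/sh
# Added example: pre-upload checks for cert.pem / chain.pem / server.key.
# chain.pem (assumed name) holds the intermediates first and the root last.
# Names are compared only; signatures are not verified here.

# Print the subject or issuer of the first certificate in a PEM file.
cert_field() {    # $1 = -subject | -issuer, $2 = PEM file
    openssl x509 -in "$2" -noout "$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

# Split a PEM bundle into $2.1, $2.2, ... and print how many certs it held.
split_chain() {   # $1 = bundle, $2 = output prefix
    awk -v p="$2" '/-----BEGIN CERTIFICATE-----/ { n++ }
                   n { print > (p "." n) }
                   END { print n + 0 }' "$1"
}

# Succeed only if every chain entry is the issuer of the certificate before it.
check_chain_order() {   # $1 = server certificate, $2 = chain file
    tmp=$(mktemp -d) || return 2
    count=$(split_chain "$2" "$tmp/c")
    prev=$1; i=1; rc=0
    [ "$count" -gt 0 ] || rc=1          # an empty chain file fails
    while [ "$i" -le "$count" ]; do
        if [ "$(cert_field -issuer "$prev")" != "$(cert_field -subject "$tmp/c.$i")" ]; then
            echo "chain entry $i is not the issuer of the certificate before it" >&2
            rc=1; break
        fi
        prev="$tmp/c.$i"; i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

# Succeed only if the private key and the certificate carry the same public key.
key_matches_cert() {    # $1 = certificate, $2 = unencrypted private key
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Usage: sh check.sh cert.pem chain.pem server.key
if [ "$#" -eq 3 ]; then
    check_chain_order "$1" "$2" && key_matches_cert "$1" "$3" && echo "ok to upload"
fi
```

Since `server.key` is stored without a password after step 1, keep it readable only by its owner (for example `chmod 600 server.key`).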

1 Response

The sentence in this post "This generally means the file needs to be in reverse order to the ones you get from your provider i.e. the root file goes last and the last intermediate cert goes first." just cured my headache. Thank you.

over 1 year ago ·