It took me some time to figure this out. I have a wildcard certificate.
ssl.crt is the certificate you got in a mail from RapidSSL (beneath "Web Server CERTIFICATE"). You will not use the intermediate CA from this mail.
private.key is the key that you generated and should not have a passphrase (file starts with "-----BEGIN RSA PRIVATE KEY-----").
Download certificate chain file:
$ curl -O 'https://www.gandi.net/static/CAs/GandiStandardSSLCA.pem'
Use one of the methods beneath. Afterwards you should be able to select MyWildcardCert when creating load balancers.
Method 1: Using the AWS CLI
Install the AWS CLI and remember to configure it:
$ pip install -U awscli
I had to convert private.key like this to get this to work:
$ openssl rsa -in private.key -text > private.pem
Then upload the certificate:
$ aws iam upload-server-certificate --server-certificate-name MyWildcardCert --certificate-body file://ssl.crt --private-key file://private.pem --certificate-chain file://GandiStandardSSLCA.pem
Method 2 (deprecated): Using AWS IAM tools
iam-servercertupload can be installed using Homebrew:
$ brew install aws-iam-tools
To upload the certificate to IAM:
$ iam-servercertupload -b ssl.crt -k private.key -c GandiStandardSSLCA.pem -s MyWildcardCert
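Before running either upload command, the three files can be checked against each other. The script below is an added example, not part of the original post; its function names are made up for illustration and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: consistency checks for the certificate, key and chain file.
# Hypothetical usage: sh preflight.sh ssl.crt private.pem GandiStandardSSLCA.pem

# Succeeds if the PEM private key ($1) is readable and has no passphrase.
key_is_unencrypted() {
    # Traditional PEM encryption adds a "Proc-Type: 4,ENCRYPTED" header;
    # PKCS#8 encryption uses the "ENCRYPTED PRIVATE KEY" label instead.
    [ -r "$1" ] && ! grep -Eq 'Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY' "$1"
}

# Succeeds if the certificate ($1) and private key ($2) share a public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    # "-passin pass:" keeps openssl from prompting if the key is encrypted.
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the first certificate in the chain file ($2) has the subject
# that the server certificate ($1) names as its issuer.
chain_issued_cert() {
    issuer=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 1
    subject=$(openssl x509 -in "$2" -noout -subject_hash 2>/dev/null) || return 1
    [ -n "$issuer" ] && [ "$issuer" = "$subject" ]
}

# Runs all three checks: preflight CERT KEY CHAIN
preflight() {
    key_is_unencrypted "$2" || { echo "FAIL: $2 is missing or passphrase-protected"; return 1; }
    cert_matches_key "$1" "$2" || { echo "FAIL: $1 was not issued for $2"; return 1; }
    chain_issued_cert "$1" "$3" || { echo "FAIL: $3 does not start with the issuer of $1"; return 1; }
    echo "OK: $1, $2 and $3 are consistent"
}

# Only run when called with the three file names.
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```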