Last Updated: February 25, 2016
· pilt

Upload SSL certificates issued by RapidSSL to AWS for use with ELB

It took me some time to figure this out. I have a wildcard certificate.

ssl.crt is the certificate you got in a mail from RapidSSL (beneath "Web Server CERTIFICATE"). You will not use the intermediate CA from this mail. private.key is the key that you generated and should not have a passphrase (file starts with "-----BEGIN RSA PRIVATE KEY-----").

Download certificate chain file:

$ curl -O ''

Use one of the methods beneath. Afterwards you should be able to select MyWildcardCert when creating load balancers.

Method 1: Using the AWS CLI

Install the AWS CLI and remember to configure it: pip install -U awscli

I had to convert private.key like this to get this to work:

$ openssl rsa -in private.key -text > private.pem

Then upload the certificate:

$ aws iam upload-server-certificate --server-certificate-name MyWildcardCert --certificate-body file://ssl.crt --private-key file://private.pem --certificate-chain file://GandiStandardSSLCA.pem

Method 2 (deprecated): Using AWS IAM tools

iam-servercertupload can be installed using Homebrew: brew install aws-iam-tools.

To upload the certificate to IAM:

$ iam-servercertupload -b ssl.crt -k private.key -c GandiStandardSSLCA.pem -s MyWildcardCert