snowindy

Reputation: 3251

How to use *.pfx certificate for Amazon ELB SSL

I have cert.pfx file, I need to install to be used in Amazon Elastic Load Balancer. How can I do it?

Upvotes: 20

Views: 13682

Answers (3)

snowindy

Reputation: 3251

  1. Extract the private key without a password. The first command will request the pfx password and prompt for a password for key.pem; a password for key.pem must be provided. The second command asks for the key.pem password provided to the first command.

openssl pkcs12 -in cert.pfx -nocerts -out key.pem
openssl rsa -in key.pem -out server.key

  2. Extract the certificate:

openssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.pem

  3. Extract the certificate chain:

openssl pkcs12 -in cert.pfx -nodes -nokeys -out chain.pem

  4. The certificate chain contains several items. You may need to remove the item that refers to your certificate; it's on top and it's not needed. Give it a try with/without removing the top item. After that, the other items should be placed in reverse order.

  5. server.key is the private key in ELB, cert.pem is the certificate in ELB, and the output of #4 is the certificate chain.

Good luck!

Upvotes: 39
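Step 4 of the answer above can be done from the file itself instead of by trial: `openssl pkcs12` writes `subject=` and `issuer=` lines before each certificate, and the sketch below uses them to drop the leaf, strip the "Bag Attributes" text and order the remaining certificates. This is an added example, not part of the original answer; the function names and the sample bundle are constructed, and the target order (issuer of your certificate first, root last) is an assumption.

```shell
#!/bin/sh
# Added example. order_chain FILE prints the CA chain for the ELB "certificate
# chain" field from `openssl pkcs12 -nokeys` output: leaf and "Bag Attributes"
# text removed, issuer of the leaf first, root last (assumed target order).
order_chain() {
  awk '
    /^subject=/ { subj = substr($0, 9) }
    /^issuer=/  { iss  = substr($0, 8) }
    /^-----BEGIN CERTIFICATE-----/ { inpem = 1; pem = "" }
    inpem { pem = pem $0 "\n" }
    /^-----END CERTIFICATE-----/ {
      inpem = 0; n++
      S[n] = subj; I[n] = iss; P[n] = pem
      if (subj != iss) issues[iss] = 1   # iss signed another cert in this file
    }
    END {
      # Leaf: the certificate whose subject signed nothing else in the file.
      for (k = 1; k <= n; k++) if (!(S[k] in issues)) leaf = k
      if (!leaf) { print "order_chain: no leaf found" > "/dev/stderr"; exit 1 }
      want = I[leaf]
      # Follow issuer links upward; stop at a self-signed root or a missing link.
      for (step = 1; step < n; step++) {
        found = 0
        for (k = 1; k <= n; k++)
          if (k != leaf && !done[k] && S[k] == want) { found = k; break }
        if (!found) break
        printf "%s", P[found]; done[found] = 1
        if (I[found] == S[found]) break
        want = I[found]
      }
    }' "$1"
}

# Constructed sample in the shape pkcs12 writes; bodies are placeholders, not certificates.
sample_cert() {  # args: subject, issuer, placeholder body
  printf 'Bag Attributes: <No Attributes>\nsubject=CN = %s\nissuer=CN = %s\n' "$1" "$2"
  printf '%s\n' '-----BEGIN CERTIFICATE-----' "$3" '-----END CERTIFICATE-----'
}
make_sample() {
  sample_cert 'leaf.example' 'Example Issuing CA' 'LEAF'
  sample_cert 'Example Root CA' 'Example Root CA' 'ROOT'
  sample_cert 'Example Issuing CA' 'Example Root CA' 'INTERMEDIATE'
}
```

Run against the real file as `order_chain chain.pem > elb-chain.pem`; server.key stays out of this step and should be deleted once the upload is done, since it is the unencrypted private key.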

Maurizio Benedetti

Reputation: 3577

You can easily convert the format of the certificate using the OpenSSL suite.

The process is very easy and a good guide is here: http://www.petefreitag.com/item/16.cfm.

About the different steps (taken from the link I reported above):

# Export the private key file from the pfx file
openssl pkcs12 -in filename.pfx -nocerts -out key.pem

# Export the certificate file from the pfx file
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

# This removes the passphrase from the private key so Apache won't
# prompt you for your passphrase when it starts
openssl rsa -in key.pem -out server.key

Now, if you have a Linux distro, it is straightforward to install OpenSSL (yum install openssl on an rpm-based distro).

If you don't have a Linux distro installed, then the quickest would be to go for a live distribution (I personally love Fedora: https://getfedora.org/).

I hope this helps

Upvotes: 3

Jubba Smail

Reputation: 1227

First go to Certificate Manager and import your certificate [cert, key, chain], then create the AWS LB with the existing certificate.

Upvotes: -1
