Reputation: 9702
I got the PEM files (with openssl) in order to paste them into AWS ELB for the HTTPS protocol.
In AWS, in the "Select Certificate" window, I paste:
Private Key: private.pem, which starts with -----BEGIN RSA PRIVATE KEY-----
Public Key Certificate: public.pem, which starts with -----BEGIN CERTIFICATE-----
When I save it I receive:
Can you help me figure out what I am doing wrong?
Upvotes: 1
Views: 8376
Reputation: 1008
There seems to be a mismatch in the public-private key pair. Also, AWS recommends having a certificate chain; otherwise it will consider the server as an unverified SSL.
Seems like you have to regenerate your SSL certificate.
For this you can do the following:
1. Create an SSL private key using OpenSSL.
sudo openssl genrsa -out your-private-key-name.pem 2048
2. Next, create a CSR key using OpenSSL.
openssl req -sha256 -new -key your-private-key-name.pem -out csr.pem
The system will ask for some details, like your country, city, company name etc. Fill in those details.
These steps will result in two .pem files.
Now, while generating your SSL certificate from your SSL provider, generate the SSL certificate using the csr.pem contents.
After verification, you will be provided with your SSL certificate (.crt) files. [Generally, two .crt files]
Now, you have to configure this configuration on the AWS server.
Open the form (for which you have posted the screenshot).
a. For the private key section, post the contents of your-private-key-name.pem
b. Open one of the .crt files with a text editor. If this has only one set of
-----BEGIN CERTIFICATE----- AND -----END CERTIFICATE-----
paste it in the Public Key Certificate section.
c. If the .crt file has multiple sets of
-----BEGIN CERTIFICATE----- AND -----END CERTIFICATE-----
paste it in the Certificate Chain section.
Now that you have entered your Private Key, Public Key and Certificate Chain, AWS should not give any error.
NOTE: If you have not purchased a certificate, and are using a self-signed certificate, you can skip the steps (4), (5), (7)-c and leave the Certificate Chain blank.
Hope that helps.
Do not copy the contents of .pem and .crt files directly from Linux (vi editor). Open the files in Windows and then paste the contents into the AWS form. I had a similar issue and this was what I was doing wrong.
Upvotes: 3
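A check that can be run before pasting the files into the form, added here as an example and not part of either post: it compares the public key inside the certificate with the one derived from the private key (the mismatch the answer suspects) and counts the certificates in a .crt file to pick the field per steps b and c. The file names and the CN example.test are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): pre-upload checks for the ELB form.

# Exit 0 if the certificate's public key is the one derived from the private
# key, 1 on mismatch, 2 if either file cannot be parsed by openssl.
cert_matches_key() {            # usage: cert_matches_key CERT.pem KEY.pem
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Print the number of certificates in a PEM/.crt file (0 for none).
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# Print the form field the file belongs in, following steps b and c above.
elb_field() {
    case "$(count_certs "$1")" in
        1)    echo "Public Key Certificate" ;;
        0|'') echo "no certificate found"; return 1 ;;
        *)    echo "Certificate Chain" ;;
    esac
}

# Constructed sample input: two throwaway keys, a self-signed certificate for
# the first key, and a bundle holding two certificates.
make_sample() {                 # usage: make_sample DIR
    openssl genrsa -out "$1/a.key" 2048 2>/dev/null
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null
    openssl req -x509 -new -sha256 -key "$1/a.key" -subj "/CN=example.test" \
        -days 1 -out "$1/a.crt" 2>/dev/null
    cat "$1/a.crt" "$1/a.crt" > "$1/bundle.crt"
}

# Stand-alone use: ./check.sh CERT.pem KEY.pem
if [ "$#" -eq 2 ]; then
    echo "$1 goes in: $(elb_field "$1")"
    if cert_matches_key "$1" "$2"; then
        echo "private key matches the certificate"
    else
        echo "private key does NOT match the certificate (or a file is unreadable)"
    fi
fi
```
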