AWS: "Unable to parse certificate. Please ensure the certificate is in PEM format."

21,052

Solution 1

Just ran into the same exact issue: web console and AWS CLI reporting the same error in not being able to parse the certificate.

The error's root cause turned out to be in the private key -- converting my private key to an "RSA PRIVATE KEY" fixed the issue:

openssl rsa -in server.key -out server.key.rsa

Then, use the server.key.rsa in the private key field and leave the public cert as is.

Solution 2

The AWS CLI requires file:// prefix for local files. For example file://private.key, file://cert_file, etc.

Solution 3

According to the installation steps of ZeroSSL, you have to copy all the content of private.key after opening it in Notepad.

The private key must start with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----

I did that also with certificate.crt, and the problem was solved and it saved successfully.

Solution 4

I just spent the last hour struggling with this issue on the web console. For the sake of documenting, I would like to share what fixed the problem for me:

  1. Ensure all keys and certs are in RSA (as is demonstrated in Vikram's answer)
  2. Ensure the ---- TEXT HERE ---- start and end labels are included in what you are uploading/copy-pasting into the web-console
  3. My issue was: The RapidSSL certificates I'd purchased on Name.com, when copy-pasted into an Evernote, resulted in the conversion of newlines into spaces. I only realized this when I inputted the text into Vim, and the monospaced text wasn't aligned properly. After a series of f, [space], a, [return], I'd fixed the file in Vi and it now seems to be working. AWS' interface should be smart enough to recover from common errors such as this - nevertheless, this fixed the issue for me.

Hope this helps save an hour for somebody else :)
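
A pre-upload check for the formatting problems described in Solutions 1, 3 and 4 (wrong key label, missing BEGIN/END lines, newlines turned into spaces). This is an added example, not code from any of the answers; the function names and the 64-column check (the RFC 7468 wrap width) are assumptions of this sketch, and the sample data is constructed.

```python
import base64
import binascii
import re

# BEGIN/END armor with matching labels, body captured in between.
ARMOR = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def diagnose_pem(text, want_label):
    """List formatting problems in a PEM blob (armor and base64 only, no ASN.1 parsing)."""
    m = ARMOR.search(text)
    if m is None:
        return ["missing or mismatched BEGIN/END lines"]
    label, body = m.groups()
    problems = []
    if label != want_label:
        problems.append(f"label is {label!r}, expected {want_label!r}")
    if re.search(r"[ \t]", body):
        problems.append("spaces inside the body (newlines converted to spaces?)")
    if any(len(line) > 64 for line in body.split()):
        problems.append("body line longer than 64 characters")
    try:
        base64.b64decode("".join(body.split()), validate=True)
    except binascii.Error:
        problems.append("body is not valid base64")
    return problems

def rewrap_pem(text):
    """Rebuild the armor: label line, body wrapped at 64 columns, end line."""
    m = ARMOR.search(text)
    if m is None:
        raise ValueError("no PEM armor found; cannot repair")
    label, body = m.groups()
    b64 = "".join(body.split())
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]) + "\n"

# Constructed sample: the body is base64 of filler bytes, not a real key.
BODY = base64.b64encode(bytes(range(96))).decode()
GOOD = rewrap_pem(f"-----BEGIN RSA PRIVATE KEY-----{BODY}-----END RSA PRIVATE KEY-----")
PASTED = GOOD.strip().replace("\n", " ")  # newlines turned into spaces, as in Solution 4
PKCS8 = GOOD.replace("RSA PRIVATE KEY", "PRIVATE KEY")  # PKCS#8 label instead of the RSA one

if __name__ == "__main__":
    for name, blob in [("good", GOOD), ("pasted", PASTED), ("pkcs8", PKCS8), ("bare", BODY)]:
        print(f"{name:7}", diagnose_pem(blob, "RSA PRIVATE KEY"))
    print("fixed  ", diagnose_pem(rewrap_pem(PASTED), "RSA PRIVATE KEY"))
```

rewrap_pem only repairs whitespace; changing the label means re-encoding the key with openssl as in Solution 1. On OpenSSL 3.x, `openssl rsa` writes the PKCS#8 form unless `-traditional` is given.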


Author: marekful

Updated on July 09, 2022

Comments

  • marekful
    marekful almost 2 years

    I am trying to update a wildcard certificate for EC2 instances on AWS. The service these servers belong to consists of a single server and a set of servers behind AWS ELB.

    The certificate has been successfully updated and verified on the single server.

    The same is true for an instance pulled up from the image the ELB uses for AutoScaling.

    However, when trying to add a new certificate to the load-balancer, I get the above error. I'm sure the certificate is correct and is in PEM format. I first tried via the web console, then using the aws iam command line tools with the same result.

    Has anyone come across a similar issue recently?

  • marekful
    marekful about 10 years
    Turned out to be the same issue here. Their error message is, to say, not too informative. Actually, it is bullshit. The key is valid so it can be parsed and is in the format they require (PEM). But it has been generated with an algorithm they don't accept.
  • t q
    t q about 10 years
    I'm getting WARNING: can't open config file: /etc/pki/tls/openssl.cnf
  • David van Dugteren
    David van Dugteren about 10 years
    Care to elaborate at all there?
  • Patrick Seymour
    Patrick Seymour about 10 years
    Sounds strange, but this suggestion worked for me. Originally was getting the exact error message as the title of this Question, but adding file:// to each filename made the upload work perfectly. Used the Windows x64 MSI AWS CLI installer, and using cmd to execute. Replace X with your certificate name. aws iam upload-server-certificate --server-certificate-name X --certificate-body file://cert.crt --private-key file://key.key --certificate-chain file://chain.crt --path /cloudfront/X/
  • Joseph Lust
    Joseph Lust almost 10 years
    Same problem on Linux, fixed with the file prefix. Stupid me for not reading the official docs, but rather reading a wonderfully misleading blog post.
  • svintus
    svintus over 9 years
    Thank you, I was going absolutely bonkers until I found your answer.
  • Tebam
    Tebam over 9 years
    It didn't solve it for me; the output file is exactly the same one.
  • Tudor Ravoiu
    Tudor Ravoiu over 6 years
    For every Mac user out there: the "file://" prefix should indeed be used before the certificate file name. For some reason, I thought this was necessary only for Windows.
  • Cerin
    Cerin about 5 years
    This just gives me the error: 140186932995736:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY