Certificate Chain with AWS ELB & GoDaddy Certs

5,480

Solution 1

So the problem was several mistakes along the way for me. First, I took the -----BEGIN CERTIFICATE----- section from the PEM generated from my keytool keystore. Second, I was trying to convert the gd_bundle-g2-g1.crt file - it already contained exactly what I needed to use.

To start from the beginning - I used Digicert's Java Keytool to generate my commands to get my keystore and CSR using keytool. From there, I got a wildcard SSL certificate through GoDaddy and downloaded my certificate which was in a ZIP file along with gdig.crt and gd_bundle-g2-g1.crt. After this, I followed the steps to get the private key from my keystore following this StackOverflow answer. However, the foo.pem file from this command required one more command, openssl rsa -in foo.pem -out foo.rsa, to get the final form accepted by the AWS panel.

Now to fill in the SSL form on AWS:

  • Private Key: The contents of the foo.rsa file from the previous step.
  • Public Key Certificate: The contents of the <your_cert>.crt file provided by GoDaddy
  • Certificate Chain: The contents of the gd_bundle-g2-g1.crt file provided by GoDaddy

This has given me a successful SSL certificate setup for my AWS ELB, with the proper certificate path, giving me a trusted certificate.
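A check for the "Certificate Chain" field described above, added here as an example and not part of the original answer: it verifies that the first certificate in the bundle issued your leaf certificate and that each later one issued the one before it, which is exactly the ordering the ELB error message demands. It assumes openssl and awk are installed; the file names are placeholders (GoDaddy ships the chain as gd_bundle-g2-g1.crt).

```shell
#!/bin/sh
# Added example (not from the original answers): confirm a PEM chain bundle
# is ordered the way the ELB upload form expects, i.e. the first certificate
# issued the leaf and every following certificate issued the previous one.
set -eu

# Split a PEM bundle into one file per certificate, $2/chain_01.pem, ...
# (needed because `openssl x509 -in bundle` reads only the first block).
split_bundle() {
  awk -v d="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/chain_%02d.pem", d, n) }
    n > 0 { print > f }
    /-----END CERTIFICATE-----/ { close(f) }' "$1"
}

# Print the distinguished name that follows "subject=" or "issuer=".
dn() {  # $1 = subject|issuer, $2 = PEM file
  openssl x509 -in "$2" -noout "-$1" | sed 's/^[a-z]*= *//'
}

# Return 0 if $2 is a correctly ordered chain for leaf certificate $1,
# otherwise name the first out-of-place certificate and return 1.
check_chain_order() {
  leaf=$1
  bundle=$2
  dir=$(mktemp -d)
  split_bundle "$bundle" "$dir"
  prev=$leaf
  rc=0
  for c in "$dir"/chain_*.pem; do
    # The next certificate in the bundle must be the issuer of the previous one.
    if [ "$(dn issuer "$prev")" != "$(dn subject "$c")" ]; then
      echo "chain error: $(basename "$c") did not issue $(basename "$prev")" >&2
      rc=1
      break
    fi
    prev=$c
  done
  rm -rf "$dir"
  return $rc
}

# Usage: sh check_chain.sh your_cert.crt gd_bundle-g2-g1.crt
[ $# -eq 2 ] && check_chain_order "$1" "$2"
```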

Solution 2

It's not a trivial process, and the documentation isn't great.

This version of the process using Gandi.net SSL certificates might help you work through it; it's much better than the official docs:

http://lexical.scopely.com/2015/03/11/uploading-an-ssl-cert-from-gandi-net-to-iam/




Updated on September 18, 2022

Comments

  • Admin
    Admin almost 2 years

    I'm trying to setup SSL on my AWS ELB, but I am thus far unable to figure out what goes into the "Certificate Chain" field. I receive the following error:

    Unable to validate certificate chain. The certificate chain must start with the immediate signing certificate, followed by any intermediaries in order. The index within the chain of the invalid certificate is: -1

    I have my private key & certificate in PEM format and uploaded. If I use these without the "optional" chain, it works untrusted. I have been poking around, trying to find an answer on what to put into the field, and this answer suggests downloading the gd_bundle-g2.crt - I have done this and converted it into PEM by running openssl x509 -inform PEM -in gd_bundle-g2.crt but the error remains. When I downloaded my certificate from GoDaddy, I was given a ZIP with my SSL certificate along with gdig2.crt and gd_bundle-g2-g1.crt. I have tried using these files in various combinations, and alone, but again, nothing.

    What certificates go into the Certificate Chain, in what order, and in what format?

  • Admin
    Admin over 9 years
    Though not directly helpful, it gave me some ideas to try that led me to the correct answer. Thanks for the links!
  • John
    John almost 9 years
    Thanks, wasn't sure what to use as the chain in Amazon; simply put the text from the crt file as you said and it worked.
  • Nick Howard
    Nick Howard over 8 years
    Yep, gd_bundle-g2-g1.crt works for me
  • Alex Egli
    Alex Egli about 7 years
    This is a link-only answer. Please include the relevant parts in the answer here.
  • equivalent8
    equivalent8 about 3 years
    GoDaddy gd_bundle-g2-g1.crt certs can be found here: certs.godaddy.com/repository