Install Wildcard Certificate onto AWS EC2 Load Balancer
Solution 1
Please read the post: AWS Load Balancer SSL limitations. The following solution worked for me:
openssl rsa -in server.key -text
Then copy and paste the produced output between (including):
-----BEGIN RSA PRIVATE KEY-----
and
-----END RSA PRIVATE KEY-----
AWS Load Balancer had accepted this key successfully.
Solution 2
Hmmh, everything looks correct at first sight, but let's double check on a few details.
And exported by cert and created all those files, but it doesn't tell you which file goes in which field.
I can't quite follow, insofar the linked guide clearly states where to put he files:
When prompted for the certificate keys do the following:
- Open the file server.key that was created from above with openssl and paste into the Private Key textbox
- Open the file cert.pem that was created from above with openssl and copy the text from —-BEGIN till the end of the file and paste that into Public Key Certificate textbox
Note: I did not put anything into the certificate chain
The screenshot you provided indicates you have chosen the correct combination in fact, however ...
I tried what I think is all the combinations but it doesn't accept it
... I assume you have deliberately shortened the textarea input widgets for Private Key and Public Key Certificate to decrease image size or hide the actual keys? Otherwise the text to be pasted has mostly gone lost somehow, insofar it should look something like:
-----BEGIN CERTIFICATE-----
MIICeDCCAeGgAwIBAgIGAOABb24uY29tMQwwCgb3DQEBBQUAMFMxCzAJBgNVBAYT
[...]
A WHOLE LOT MORE HEX DIGITS HERE!
[...]
q04lCMxITAfBgNVBAMTAAJW26+adw9C063H7I846ZbxHl6BkcTPsjL3b5JoZhyim
jbzH4dktTFNIkX4o
-----END CERTIFICATE-----
In this regard another cause might be addressed by this answer to Public key and private cert don't match:
Looks like the issue was the way in which I was copying the contents of the key and certs into the AWS Management console. I was using an Ubuntu desktop running in Virtual Box [...] Once I opened the key and cert files on the same box as the web browser (Windows in this case) the certs went through just fine. I'm guessing some parts of the file aren't making it over correctly when using the shared clip board between Virtual Box client and host.
Given the high probability of special characters appearing in the hex dump, this is entirely possible for various similar copy&paste scenarios as well, e.g. between SSH terminals with erroneous character encoding settings etc.
Solution 3
Simplest/most concise explanation that I have come across for creating a self-signed cert for AWS ELBs is...
openssl genrsa -out server_privatekey.pem 1024
openssl req -new -key server_privatekey.pem -out server_certificate_csr.pem
openssl x509 -req -days 3650 -in server_certificate_csr.pem -signkey server_privatekey.pem -out server_certificate.pem
And then in AWS;
Certificate Name: mycert
Private key: [content of server_privatekey.pem]
Public key: [content of server_certificate.pem]
Certificate Chain: [content of server_certificate_csr.pem]
Credit: https://forums.aws.amazon.com/message.jspa?messageID=381093
Dale Fraser
Updated on June 17, 2022Comments
-
Dale Fraser almost 2 years
I'm having trouble. I followed a guide that I found here
And exported by cert and created all those files, but it doesn't tell you which file goes in which field. I tried what I think is all the combinations but it doesn't accept it
I Setup the balancer as follows
Then I try to setup the certificate
Then you can see it tells me it's invalid.
In case it helps I exported from IIS and followed the tutorial on the link provided and the certificate is a DigiCert Wildcard Certificate ie (*.domain.com)
-
Paulo Scardine over 10 yearsThe link to the referred post is dead.
-
Paulo Scardine over 10 yearsThanks, both formats look almost the same, lost a couple hours around this one.
-
Devplex about 10 yearsIn my case the ELB wizard complained about in 'Invalid Public Key Certificate' when in fact my private key format was incorrect. Your solution fixed it.