Combine your certificate file with the private key used to create your CSR file:
cat {certificateFile}.crt private-key.pem > host.pem
Encode the combined file from the previous step in x509 PEM format:
openssl rsa -in host.pem -out nopassphrase.pem
Remove any passphrase that may exist in this new file:
openssl x509 -in host.pem >> nopassphrase.pem
Open and remove the entire private key section from the nopassphrase.pem file. This file, nopassphrase.pem, is the certificate-body file.
Now re-encode your private key into RSA format:
openssl rsa -in private-key.pem > private.pem
Amazon gives the following command for uploading a server certificate for use with CloudFront distributions:
aws iam upload-server-certificate –server-certificate-name certificate_object_name –certificate-body file://public_key_certificate_file –private-key file://privatekey.pem –certificate-chain file://certificate_chain_file –path /cloudfront/path/
Source:
http://www.mdotlabs.com/how-to-using-secure-connections-on-amazon-web-services/