tfentonz/aws-server-certs.md

## aws-server-certs.md

      
    Raw
  

              aws-server-certs.md
            
          
    AWS Server Certificates

The PFX format is not supported by AWS IAM. Follow the below steps to convert to the correct format (X5.09 PEM) by using OpenSSL.
unzip -j -P password Wildcard\ Completed\ Certificates\ for\ Import.zip
Extract private key

openssl pkcs12 -in wildcard.marlborought.govt.nz_withPK.pfx -nocerts -nodes -passin pass:goodsecret | openssl rsa -out my-private-key.pem
Extract public key

openssl pkcs12 -in wildcard.marlborought.govt.nz_withPK.pfx -clcerts -nokeys -passin pass:goodsecret | openssl x509 -out my-certificate.pem
Extract certificate chain

openssl pkcs12 -in wildcard.marlborought.govt.nz_withPK.pfx -cacerts -nodes -nokeys -passin pass:goodsecret -out chain.txt
List Server Certificates

aws iam list-server-certificates
Uploading the Server Certificate

aws iam upload-server-certificate --server-certificate-name my-server-certificate  --certificate-body file://my-certificate.pem --private-key file://my-private-key.pem  --certificate-chain file://my-certificate-chain.pem --output json
{
    "ServerCertificateMetadata": {
        "Arn": "arn:aws:iam::123456789012:server-certificate/my-server-certificate",
        "UploadDate": "2016-08-03T03:43:52.009Z",
        "ServerCertificateId": "xxxxVCO4",
        "ServerCertificateName": "my-server-certificate",
        "Expiration": "2017-02-16T23:59:59Z",
        "Path": "/"
    }
}
See Also


Managing Your Server Certificates
SSL Certificates for Elastic Load Balancing
AWS CLI upload-server-certificate