[solved] how to upload/import the certificate in AWS certificate manager or load balancer using AWS console step by step

This will walk you thru on how to import the certificate into AWS certificate manger using AWS console. The process is very simple and just requires openssl software downloaded to your desktop and if it is not the right format then you may get the following error message

“com.amazonaws.pki.acm.exceptions.external.ValidationException: Could not validate the certificate with the certificate chain. Choose Previous button below and fix it.”

Once the certificate has been issued from your provider – it should have the following format

You will need the private key and you can refer to my another articles which explains in detail on extracting the private key – see below for the link

Once you have extracted the private key then you will need to convert the root and intermediate certificate which is the top certificate in PCKS format to a format that AWS can understand

below are the fields in AWS certificate manager that you will need text data for

In the certificate body – you will need to open the .pem file and paste the text

In the private key portion you will need to add the text you extracted by running the following command in the article link above, you will need the password to extract the private key however

openssl pkcs12 -in certificate.pfx -nocerts -out private.pem -nodes

Finally you just need to run the following command to get convert the root cert to a AWS readable format by running the following command and paste the text in certificate chain  box.

openssl pkcs7 -print_certs -in gd-g2_iis_intermediates.p7b -out root_int.cer

Please note that it may show an error message regarding a conf file, however it will generate a file with .cer and you can use notepad to open the file and paste the text in the “Certificate chain” portion

This will import the certificate and it will be available for you in the certificate manager

Also note that AWS load balancers that are using a certificate using the certificate manager will need to be updated using the AWS certificate manager.

Hope this helps

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button