
AWS: "Unable to parse certificate. Please ensure the certificate is in PEM format."



The AWS CLI requires the file:// prefix for local files. For example file://private.key, file://cert_file, etc.


Just ran into the same exact issue: web console and AWS CLI reporting the same error in not being able to parse the certificate.

The error's root cause turned out to be in the private key -- converting my private key to an "RSA PRIVATE KEY" fixed the issue:

openssl rsa -in server.key -out server.key.rsa

Then, use the server.key.rsa in the private key field and leave the public cert as is.


I just spent the last hour struggling with this issue, on the web console. For sake of documenting, I would like to share what fixed the problem for me:

  1. Ensure all keys and certs are in RSA (as is demonstrated in Vikram's answer)
  2. Ensure the ---- TEXT HERE ---- start and end labels are included in what you are uploading/copy-pasting into the web-console
  3. My issue was: The RapidSSL certificates I'd purchased on Name.com, when copy-pasted into an Evernote, resulted in the conversion of newlines into spaces. I only realized this when I inputted the text into Vim, and the monospaced text wasn't aligned properly. After a series of f, [space], a, [return], I'd fixed the file in Vi and it now seems to be working. AWS' interface should be smart enough to recover from common errors such as this - nevertheless, this fixed the issue for me.

Hope this helps save an hour for somebody else :)


According to the installation steps of ZeroSSL, you have to copy all the content of the private.key after opening it in Notepad.

The private key must start with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----

I did that also with certificate.crt, and the problem was solved and it saved successfully.
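
A pre-upload check for the three failure modes reported in the answers above (missing BEGIN/END labels, a key that is not labelled RSA PRIVATE KEY, and newlines turned into spaces by a copy-paste). This is an added example, not code from any of the posters or from AWS; `lint_pem` and `make_pem` are hypothetical names, the expected labels are only the ones these answers report as working, and the sample PEM bodies are constructed dummy bytes rather than real keys.

```python
import base64
import re

LABEL_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
# Assumption: labels taken from the answers on this page, not a full list of what AWS accepts.
EXPECTED = {"key": "RSA PRIVATE KEY", "cert": "CERTIFICATE"}

def lint_pem(text, kind):
    """Return a list of framing problems in PEM text; kind is 'key' or 'cert'."""
    text = text.replace("\r\n", "\n").strip()
    m = LABEL_RE.search(text)
    if not m:
        return ["missing -----BEGIN ...----- label"]
    label = m.group(1)
    begin, end = f"-----BEGIN {label}-----", f"-----END {label}-----"
    if end not in text:
        return [f"missing {end} label"]
    problems = []
    if not text.startswith(begin) or not text.endswith(end):
        problems.append("extra text outside the BEGIN/END labels")
    if label != EXPECTED[kind]:
        problems.append(f"label is '{label}', expected '{EXPECTED[kind]}'")
    # Only the first block is inspected; a chain's later blocks are not checked.
    body = text[text.index(begin) + len(begin):text.index(end)]
    if not (body.startswith("\n") and body.endswith("\n")):
        problems.append("BEGIN/END labels are not on their own lines")
    if " " in body.strip() or "\t" in body.strip():
        problems.append("spaces inside the base64 body (newlines lost in copy-paste?)")
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der or der[0] != 0x30:  # DER keys and certificates start with a SEQUENCE tag
            problems.append("payload is not a DER SEQUENCE")
    except ValueError:
        problems.append("body is not valid base64")
    return problems

def make_pem(label, der=b"\x30\x82" + bytes(range(94))):
    """Build a constructed PEM block around dummy bytes (not a usable key)."""
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *rows, f"-----END {label}-----"]) + "\n"

if __name__ == "__main__":
    good = make_pem("RSA PRIVATE KEY")
    for name, sample in [("good", good), ("flattened", good.replace("\n", " ")),
                         ("pkcs8", make_pem("PRIVATE KEY"))]:
        print(name, lint_pem(sample, "key"))
```

If the converted key still carries the `BEGIN PRIVATE KEY` label, note that OpenSSL 3.x writes that form from `openssl rsa` unless the `-traditional` option is given.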