
Having trouble associating SSL cert with Amazon Cloudfront

I'm trying to associate a custom SSL certificate with Cloudfront. I uploaded it to IAM with the cert, privatekey, and chain. I gave it an upload path of /cloudfront.

I have also requested and received permission from AWS to use custom SSL with Cloudfront.

However, when I'm in the Cloudfront console and trying to associate the certificate, I get the following error when I press the "Yes, Edit" button.

"The specified viewer certificate does not exist or is not valid." (check attached image)

I've purchased a wildcard cert from DNSimple, and followed these instructions (https://devcenter.heroku.com/articles/ssl-certificate-dnsimple)

Is there any idea how to go forward? I might have made my certificate incorrectly, but I have no idea how to debug this. Is it possible that I've made my certificate correctly, and there is just something wrong with my aws account or Cloudfront configuration?

Thanks!

seansu4you87 asked Jul 08 '13 23:07


1 Answer

So I figured out the problem!

DNSimple by default makes you a 2432-bit key, which is larger than the max size of 2048 bits that Amazon allows. If you want to test the size of your key and cert, run the following:

Private Key:

openssl rsa -in private.key -text -noout

Example output: Private-Key: (2048 bit)

Cert:

openssl x509 -in public.cert -text -noout

Example output: Public-Key: (2048 bit)

The output of each command will tell you how many bits it is. If you bought an SSL cert from DNSimple, you can message them and they can reauthorize your cert/key with a different size.

After doing this, associating your cert with your Cloudfront distribution should work.

seansu4you87 answered Oct 17 '22 05:10
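
The two openssl checks from the answer above can be combined into a single pre-upload check that also confirms the certificate belongs to the private key. This is an added example, not part of the original answer: the function names are hypothetical, MAX_BITS is the 2048-bit limit the answer reports, and make_sample_pair only builds constructed test input.

```bash
#!/usr/bin/env bash
# Added example (not from the original answer). Function names are
# hypothetical; MAX_BITS is the 2048-bit limit reported in the answer.
MAX_BITS=2048

# Print the size in bits of a PEM private key.
key_bits() {
  openssl rsa -in "$1" -noout -text 2>/dev/null |
    sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Print the public key size in bits of a PEM certificate.
cert_bits() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Returns 0 = OK, 1 = over the limit, 2 = cert/key mismatch, 3 = unreadable.
check_pair() {
  local key="$1" cert="$2" kb cb km cm
  kb=$(key_bits "$key")
  cb=$(cert_bits "$cert")
  if [ -z "$kb" ] || [ -z "$cb" ]; then
    echo "cannot parse key or certificate" >&2
    return 3
  fi
  # A certificate and its private key share the same RSA modulus.
  km=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null)
  cm=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null)
  if [ "$km" != "$cm" ]; then
    echo "certificate does not match private key" >&2
    return 2
  fi
  if [ "$kb" -gt "$MAX_BITS" ] || [ "$cb" -gt "$MAX_BITS" ]; then
    echo "key is $kb bits, cert is $cb bits: over the $MAX_BITS-bit limit" >&2
    return 1
  fi
  echo "ok: $kb-bit key matches certificate"
}

# Constructed sample input: self-signed pair with an RSA key of $1 bits,
# written to $2.key and $2.crt (the CN is a placeholder).
make_sample_pair() {
  openssl req -x509 -newkey "rsa:$1" -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$2.key" -out "$2.crt" 2>/dev/null
}

# Usage: ./check_pair.sh private.key public.cert
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```
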