I've been trying to attach an SSL certificate that I'm currently using for one of my Elastic Load Balancing instances on a new CloudFormation template, but each time I get:
Server Certificate not found for the key
And then the CloudFormation template starts to roll back at that point.
"Listeners" : [
  {
    "LoadBalancerPort" : "443",
    "InstancePort" : "80",
    "SSLCertificateId" : "start_certname_com",
    "Protocol" : "HTTPS"
  },...
Amazon is asking for "The ARN of the SSL certificate to use." and I believe this is correct, since this is the exact string which appears in the dropdown of the currently set up ELB, which takes 443 to port 80 on the instances.
Am I missing something on my Listener?
You can derive the ARN for a certificate in CloudFormation with only the certificate name. No need to run a command line tool and hard code the value into your CloudFormation template.
"Parameters":{
  "Path":{
    "Description":"AWS Path",
    "Default":"/",
    "Type":"String"
  }
}
...
"Listeners" : [
  {
    "LoadBalancerPort" : "443",
    "InstancePort" : "80",
    "SSLCertificateId" : {
      "Fn::Join":[
        "",
        [
          "arn:aws:iam::",
          { "Ref":"AWS::AccountId" },
          ":server-certificate",
          { "Ref":"Path" },
          "start_certname_com"
        ]
      ]
    },
    "Protocol" : "HTTPS"
  },...
This determines your account id with the {"Ref":"AWS::AccountId"} pseudo parameter and combines it with the other elements needed to form the ARN. Note that I'm using a variable called Path in case you've set a path for your certificate. If not, the default of "/" works fine.
This solution was mentioned by @Tristan and is an extension of merrix143243's solution
I've actually figured out how to do this while waiting for the answer. You need to use the IAM CLI tools provided by Amazon and then use the command iam-servercertgetattributes -s certname
This will provide you a string like:
arn:aws:iam::123456789123:server-certificate/start_certname_com
This is the value you place in the "SSLCertificateId" value pair field
The setup instructions for the IAM command line tools (CLI) can be found at:
http://docs.aws.amazon.com/IAM/latest/CLIReference/Setup.html
Download the toolkit from AWS here:
http://aws.amazon.com/developertools/AWS-Identity-and-Access-Management/4143
All in all your final block will look like:
"Listeners" : [
  {
    "LoadBalancerPort" : "443",
    "InstancePort" : "80",
    "SSLCertificateId" : "arn:aws:iam::123456789123:server-certificate/start_certname_com",
    "Protocol" : "HTTPS"
  },...
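A pre-deployment check for the mistake discussed in this thread, added here as an example and not taken from any of the posts: it resolves each HTTPS/SSL listener's SSLCertificateId (plain string, Ref or Fn::Join) and reports whether the result is an IAM server-certificate ARN. The function names, resource names and sample template are constructed for illustration, and only the IAM ARN form used on this page is recognised.

```python
import re

# IAM server-certificate ARN: arn:<partition>:iam::<account>:server-certificate<path><name>
IAM_CERT_ARN = re.compile(
    r"^arn:aws[a-z-]*:iam::\d{12}:server-certificate/[\x21-\x7e]*[\w+=,.@-]+$")

def resolve(value, params):
    """Resolve the two intrinsics used on this page: Ref and Fn::Join."""
    if isinstance(value, str):
        return value
    if isinstance(value, dict) and "Ref" in value:
        return str(params[value["Ref"]])
    if isinstance(value, dict) and "Fn::Join" in value:
        sep, parts = value["Fn::Join"]
        return sep.join(resolve(p, params) for p in parts)
    raise ValueError(f"unsupported intrinsic: {value!r}")

def check_listeners(template, account_id, overrides=None):
    """Return (resource, port, resolved id, is_arn) for each HTTPS/SSL listener."""
    params = {k: v.get("Default") for k, v in template.get("Parameters", {}).items()}
    params.update(overrides or {})
    params["AWS::AccountId"] = account_id  # pseudo parameter supplied by the caller
    results = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::ElasticLoadBalancing::LoadBalancer":
            continue
        for lst in res.get("Properties", {}).get("Listeners", []):
            if str(lst.get("Protocol", "")).upper() not in ("HTTPS", "SSL"):
                continue  # plain HTTP/TCP listeners carry no certificate
            cert = resolve(lst.get("SSLCertificateId", ""), params)
            results.append((name, lst.get("LoadBalancerPort"), cert,
                            bool(IAM_CERT_ARN.match(cert))))
    return results

def elb(cert_id):
    # Constructed resource: the question's listener with only the certificate id varied.
    return {"Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": {"Listeners": [
        {"LoadBalancerPort": "443", "InstancePort": "80",
         "SSLCertificateId": cert_id, "Protocol": "HTTPS"}]}}

# Constructed sample: the question's bare name beside the Fn::Join form from the answer.
SAMPLE = {
    "Parameters": {"Path": {"Type": "String", "Default": "/"}},
    "Resources": {
        "BareName": elb("start_certname_com"),
        "Joined": elb({"Fn::Join": ["", ["arn:aws:iam::", {"Ref": "AWS::AccountId"},
                      ":server-certificate", {"Ref": "Path"}, "start_certname_com"]]}),
    },
}
```

Calling check_listeners(SAMPLE, "123456789123") flags the BareName listener as not an ARN and passes the Joined one; pass overrides={"Path": "/elb/"} to test a certificate stored under a path.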