I have a cert.pfx file that I need to install for use in Amazon Elastic Load Balancer. How can I do it?
You can do this by downloading the Apache download link from your SSL.com account, and including both your website certificate and the file named ca-bundle-client.crt in your PFX file. For example: P7B files cannot be used to directly create a PFX file.
If you’re using Windows, use the file available from Shining Light Productions. Add the OpenSSL binaries location to your system PATH variable, so that the binaries are available for command line use. Run the following commands to convert a PFX-encoded SSL certificate into PEM format.
You can create a certificate using AWS Certificate Manager or a tool that supports the SSL and TLS protocols, such as OpenSSL. You will specify this certificate when you create or update an HTTPS listener for your load balancer. When you create a certificate for use with your load balancer, you must specify a domain name.
See Request a Certificate in the AWS Certificate Manager User Guide for instructions. Run openssl version at the command line to see if you already have OpenSSL installed. If you don't, you can build and install the source code using the instructions at the public GitHub repository, or use your favorite package manager.
pfx password and prompt for a password for key.pem; a password for key.pem must be provided. Second command asks for key.pem password provided for 1st command.
openssl pkcs12 -in cert.pfx -nocerts -out key.pem
openssl rsa -in key.pem -out server.key
openssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.pem
openssl pkcs12 -in cert.pfx -nodes -nokeys -out chain.pem
The certificate chain contains several items. You may need to remove the item that refers to your certificate; it's on top and it's not needed. Give it a try with/without removing the top item. After that, the other items should be placed in reverse order.
server.key is the private key in ELB, cert.pem is the certificate in ELB, and output #4 is the certificate chain.
Good luck!
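The chain clean-up described in the answer above, as an added example that is not part of the original answer: it drops your own certificate and the "Bag Attributes" text from chain.pem and can optionally reverse the remaining order. The function names elb_chain and make_sample are hypothetical, and the sample certificate bodies are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# elb_chain LEAF_PEM BUNDLE_PEM [reverse]
# Prints every certificate in BUNDLE_PEM (chain.pem above) except the one that
# is also in LEAF_PEM (cert.pem), dropping the "Bag Attributes" text that
# `openssl pkcs12` writes between blocks. "reverse" flips the output order.
elb_chain() {
    awk -v rev="${3:-}" '
        /^-----BEGIN CERTIFICATE-----/ { inblk = 1; body = ""; next }
        /^-----END CERTIFICATE-----/ {
            inblk = 0
            if (FILENAME == ARGV[1]) leaf[body] = 1          # body of your own certificate
            else if (!(body in leaf) && !(body in seen)) {   # skip leaf and duplicates
                seen[body] = 1; chain[++n] = body
            }
            next
        }
        inblk { gsub(/[ \t\r]/, ""); body = body $0 }        # join base64, ignore wrapping
        END {
            for (i = 1; i <= n; i++) {
                k = (rev == "reverse") ? n - i + 1 : i
                b = chain[k]
                print "-----BEGIN CERTIFICATE-----"
                for (p = 1; p <= length(b); p += 64) print substr(b, p, 64)
                print "-----END CERTIFICATE-----"
            }
        }
    ' "$1" "$2"
}

# Constructed sample input (placeholder base64, not real certificates), laid
# out the way `openssl pkcs12 -nokeys` prints a bundle.
make_sample() {
    printf '%s\n' 'Bag Attributes' '    localKeyID: 01 00 00 00' \
        'subject=CN = www.example.com' \
        '-----BEGIN CERTIFICATE-----' 'TEVBRkxFQUZMRUFG' '-----END CERTIFICATE-----' > "$1/cert.pem"
    { cat "$1/cert.pem"
      printf '%s\n' 'Bag Attributes: <No Attributes>' 'subject=CN = Example Intermediate CA' \
        '-----BEGIN CERTIFICATE-----' 'SU5URVJJTlRFUg==' '-----END CERTIFICATE-----' \
        'Bag Attributes: <No Attributes>' 'subject=CN = Example Root CA' \
        '-----BEGIN CERTIFICATE-----' 'Uk9PVFJPT1RST09U' '-----END CERTIFICATE-----'
    } > "$1/chain.pem"
}

# Demo on the constructed sample: prints the two CA blocks without the leaf.
d=$(mktemp -d) && make_sample "$d" && elb_chain "$d/cert.pem" "$d/chain.pem" && rm -rf "$d"
```

On real files, run `elb_chain cert.pem chain.pem > elb-chain.pem` (elb-chain.pem is an assumed output name), adding `reverse` as a third argument if the load balancer rejects the default order.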
You can easily convert the format of the certificate using the OpenSSL suite.
The process is very easy and a good guide is here: http://www.petefreitag.com/item/16.cfm.
About the different steps (taken from the link I reported above):
# Export the private key file from the pfx file
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
# Export the certificate file from the pfx file
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
# This removes the passphrase from the private key so Apache won't
# prompt you for your passphrase when it starts
openssl rsa -in key.pem -out server.key
Now, if you have a Linux distro, it is straightforward to install OpenSSL (yum install openssl on an RPM-based distro).
If you don't have a Linux distro installed, then the quickest would be to go for a live distribution (I personally love Fedora: https://getfedora.org/).
I hope this helps.