Can't upload certificate to AWS

Question

I'm doing:

aws iam upload-server-certificate --server-certificate-name MysiteCertificate --certificate-body Downloads/mysite/mysite.crt --private-key mysite.pem --certificate-chain Downloads/mysite/COMODOSSLCA.crt

I'm getting an error though: A client error (MalformedCertificate) occurred when calling the UploadServerCertificate operation: Unable to parse certificate. Please ensure the certificate is in PEM format.

It is a valid pem file though =(

Test that the uploaded cert is correct (linebreaks?): `wget Downloads/mysite/mysite.crt -O webcert.crt` and then `openssl x509 -in webcert.crt -text -noout` — LinuxDevOps, Mar 24 '14 at 21:19

score 54 · Answer 1 · edited Aug 26 '17 at 17:37

54

Add a file:// before the file names.

edited Aug 26 '17 at 17:37

peterh

4,914
13
29
44

answered Mar 24 '14 at 21:27

LinuxDevOps

1,754
9
14

6

This is what it was for me. What a terribly unhelpful error for the AWS CLI to throw! – Leland Richardson Feb 12 '15 at 19:13
3

Seriously the least helpful error message I've seen in a while. – markthethomas Jun 26 '15 at 18:21
Worked for me as well. – Petter Kjelkenes Nov 18 '15 at 13:31

score 8 · Answer 2 · answered May 02 '14 at 17:42

8

I've seen this when the key wasn't in RSA format. If you check the header for your key and it is -----BEGIN PRIVATE KEY----- instead of -----BEGIN RSA PRIVATE KEY----- that's probably your problem. You can get the key into RSA with:

 openssl rsa -in my-private-key.pem > private-rsa-key.pem

answered May 02 '14 at 17:42

Jeremy Logan

255
3
12

this is the only place i could find this answer. thanks! – Nuriel Jun 14 '15 at 08:56
I have it beginning with `-----BEGIN RSA PRIVATE KEY-----`, and its been outputted as a `.pem` and for sure `RSA`, but it still returns the same error. I generated the key with `openssl genrsa -des3 -out server.pass.key 2048` and `openssl rsa -in server.pass.key -out server.key` – Trip Dec 21 '15 at 20:21

Can't upload certificate to AWS

2 Answers2

Linked