6

I got AWS IAM working on my server, and I'm trying to upload some certificates:

aws iam upload-server-certificate --server-certificate-name domain2014 \
--certificate-body file:///var/www/html/certificate.pem \
--private-key file:///var/www/html/private-key.pem \
--certificate-chain file:///var/www/html/ca.pem

I get:

Error parsing parameter '--certificate-body': file does not exist: /var/www/html/certificate.pem

I tried uploading the files from my Mac, and I get the same answer.

Already checked this question but file:// is not missing, and route is OK.

I do have credentials such as:

 AWSAccessKeyId=BKIAJQ1111111111111
 AWSSecretKey=H+2+2mko11111111111111cv+UFuA6

And also a config file. But I honestly don't understand where or how to use it to upload the certificates (after using aws configure I complete the info and then I don't know what to do next).

All this process started yesterday when I completed the process of uploading the load balancer with no issues, but later I realized that the certificate that is actually working is the self-signed one that I had previously on the server (this is the question I posted yesterday).

Edit:

If I try from terminal:

aws iam list-server-certificates

I get:

A client error (AccessDenied) occurred when calling the ListServerCertificates operation: User: arn:aws:iam::999990212999:user/admin is not authorized to perform: iam:ListServerCertificates on resource: arn:aws:iam:: 999990212999:server-certificate/

Edit2:

The AccessDenied problem was related to permissions. You must go to EC2 Management Console -> Administration and Security -> IAM -> Users -> Select the User and go to User Permissions. Select "Attach User Policy". In there, you choose the profile with the attributes that work for you (in my case it was Administrator Access).

Once you update permissions, you can see the certificate (if it was loaded correctly using load balancers or IAM).

Edit3:

I realized that I didn't need to upload the certificate because I already did it with the load balancers. Part of my confusion was that I had to load the certificates with AWS IAM again.

If your certificate is already on the server, the last step is to change your Domain Record Set. If your domain is hosted in AWS, go to Route 53 in the EC2 Management Console and create a record set. It must be a Type A record (not a CNAME), with an alias pointing to your Amazon Load Balancer (check your address in the tab DNS in the panel). The address should be something like:

9999999999.eu-west-1.elb.amazonaws.com
Diego Sarmiento

2 Answers

1

The command is looking for a file that does not exist:

file does not exist: /var/www/html/certificate.pem

Possibly your certificate is not named certificate.pem, or my guess is you don't have a folder named /var/www on your local system where you're running this command (nor on your Mac).

You need to put the location of certificate.pem on your local computer after file://
If it's named something other than certificate.pem, put the local file names in the command.

Source:
http://docs.aws.amazon.com/IAM/latest/UserGuide/InstallCert.html#UploadSignedCert
http://docs.aws.amazon.com/cli/latest/reference/iam/upload-server-certificate.html

user16081-JoeT
  • could you give me an example? like ~/Desktop/certificate.pem on Desktop? the problem is that I'm not sure where is the root folder for this command. Thank you! – Diego Sarmiento Nov 29 '14 at 15:56
  • you're on Windows in cmd prompt, yes? I'd change directory within cmd prompt to the folder where you have these files. an easy way so you know you can get to them is just put them in the top level of your C: drive, then you can `cd C:\\` and run your aws command with the file://certificate.pem etc (no path needed if you're in the same directory) – user16081-JoeT Nov 30 '14 at 00:50
0

Sometimes you have to sudo aws. I was getting a similar error due to the fact that the file is located in /etc/..., a place that the root user has access to.

abdimuna
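
Both answers above come down to whether the user running the command can open the path that follows file://. The sketch below is an added example, not code from the thread or from AWS: it checks each file:// argument before the upload is attempted and reports why a path would fail. The function names are hypothetical, and it assumes the text after file:// is treated as a local path, relative to the current directory unless it is absolute.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumption: the text after
# "file://" is opened as a path on the machine running the command, relative
# to the current directory unless it starts with "/".

# Print the local path behind a file:// argument; fail if the prefix is absent.
resolve_file_arg() {
    case "$1" in
        file://*) printf '%s\n' "${1#file://}" ;;
        *) return 1 ;;
    esac
}

# Print one status word for a file:// argument and return non-zero unless "ok":
#   bad-prefix  argument does not start with file://
#   missing     nothing at that path (or a parent directory is not accessible)
#   unreadable  not a regular file, or this user cannot read it
#   not-pem     readable, but contains no "-----BEGIN ...-----" line
check_pem_arg() {
    cpa_path=$(resolve_file_arg "$1") || { echo bad-prefix; return 1; }
    if [ ! -e "$cpa_path" ]; then echo missing; return 1; fi
    if [ ! -f "$cpa_path" ] || [ ! -r "$cpa_path" ]; then echo unreadable; return 1; fi
    if ! grep -q -- '-----BEGIN [A-Z ]*-----' "$cpa_path"; then echo not-pem; return 1; fi
    echo ok
}

# Check every argument, print "status  argument", fail if any is not ok.
preflight() {
    pf_rc=0
    for pf_arg in "$@"; do
        pf_status=$(check_pem_arg "$pf_arg") || pf_rc=1
        printf '%-10s %s\n' "$pf_status" "$pf_arg"
    done
    return "$pf_rc"
}

# Usage, with the paths from the question:
#   preflight file:///var/www/html/certificate.pem \
#             file:///var/www/html/private-key.pem \
#             file:///var/www/html/ca.pem
```

Run it as the same user, and from the same directory, that will run the aws command, since both the relative-path and the permission results depend on that.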