Cannot Use AWS Cloud Interface with IAM Custom SSL Certificate

I have a CloudFront distribution that I want to configure to use SSL with a special certificate.

We want to use the SSL certificate that we have already uploaded to the IAM (and currently we use several ELBs), but it will not even allow us to choose an option (the drop-down list where the certificates are located should be empty).

Any ideas? According to the white paper, this should be a valid option.

PS: We do not want to use the certificate provided by AWS Certificate Manager.

+5
3 answers

User certificates downloaded for ELB cannot be used for CloudFront.

So, you need to download the SSL certificate (it can be the same certificate) a second time, but in a slightly different way.

aws iam upload-server-certificate \
    --server-certificate-name CertificateName \
    --certificate-body file://public_key_certificate_file \
    --private-key file://privatekey.pem \
    --certificate-chain file://certificate_chain_file \
    --path /cloudfront/DistributionName/

Source: https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-custom-certificate/

Note /cloudfront/ at the beginning of the --path parameter.

So, in the end you will have two certificates: one that will be used by ELB, and one that will be used by CloudFront. But they can come from the same source certificate files.

+2

You must download using the cloud route interface

aws iam upload-server-certificate --server-certificate-name CertificateName --certificate-body file://public_key_certificate_file --private-key file://privatekey.pem --certificate-chain file://certificate_chain_file --path /cloudfront/path/

--path parameter – When you upload the certificate to IAM, the value of the --path parameter (certificate path) must start with /cloudfront/, for example, /cloudfront/production/ or /cloudfront/test/. The path also must end with a /.

Details here: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html

+2

From my experience, if you upload the IAM certificate to the /cloudfront directory, you can use it on the ELB. But you cannot use an IAM certificate that is not in the /cloudfront directory on CloudFront.

+1
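
The path rule from the answers above (starts with /cloudfront/, ends with /) as a check over the certificates already in IAM. This is an added example, not part of any answer; the function names, the "selectable" labels and the sample certificate names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report which IAM server certificates satisfy the
# CloudFront path rule. Live input (needs credentials) would come from:
#   aws iam list-server-certificates \
#     --query 'ServerCertificateMetadataList[].[ServerCertificateName,Path]' \
#     --output text
# which prints one "name<TAB>path" line per certificate.

# Succeeds only if the path starts with /cloudfront/ and ends with /.
cloudfront_path_ok() {
    case "$1" in
        /cloudfront/|/cloudfront/*/) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads "name<TAB>path" lines on stdin and appends a verdict column.
classify_certs() {
    while IFS="$(printf '\t')" read -r name path; do
        [ -n "$name" ] || continue
        if cloudfront_path_ok "$path"; then
            printf '%s\t%s\tselectable\n' "$name" "$path"
        else
            printf '%s\t%s\tnot-selectable\n' "$name" "$path"
        fi
    done
}

# Constructed sample in the same format (not real certificates):
# one ELB-style upload, one valid CloudFront path, one missing the final /.
sample_certs() {
    printf 'elb-cert\t/\n'
    printf 'cdn-cert\t/cloudfront/production/\n'
    printf 'cdn-bad\t/cloudfront/test\n'
}

sample_certs | classify_certs
```

To check a real account, pipe the output of the list-server-certificates command shown in the comment into classify_certs instead of sample_certs.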