ACM import certificate error - The certificate chain provided is not in a valid PEM format.

0

Hi, I'm trying to import a Let's Encrypt SSL certificate. It is working OK with Apache on an EC2 server, but I keep getting errors when importing to ACM. The certificate file which works is actually a bundle with the certificate itself and the chain, so I proceed to extract it:

openssl x509 -in mycert.crt -out chain.pem -outform PEM

This just cuts the first part of the crt file, starting from ----BEGIN CERTIFICATE ---- to ---END CERTIFICATE ---. I paste this on the ACM form.

The key is a few lines base64 encoded enclosed in -----BEGIN EC PRIVATE KEY----- and ---- END EC PRIVATE KEY-----. I paste this as is.

Then, for the chain, I tried a number of things: pasted the two remaining certificates from the original crt file, extracted them from the live site, and a few more I don't remember. I also tried inverting the first and second in case they are swapped. No matter what I try, I always get the no valid PEM format error. The pasted code looks like this:

-----BEGIN CERTIFICATE-----
.....base64 stuff ....
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
.....base64 stuff....
-----END CERTIFICATE-----

Please advise.

asked 2 years ago · 690 views
1 Answer
0

From

----BEGIN EC PRIVATE KEY-----

You are trying to import a Let's Encrypt ECDSA cert. If I recall correctly, one of the intermediate certs is RSA.

ACM only accepts imports when TLS and all intermediate certs are ECDSA. As a workaround, you can import the cert into IAM.

Alternatively, AWS Certificate Manager now supports Elliptic Curve Digital Signature Algorithm TLS certificates. You can request an Elliptic Curve Digital Signature Algorithm (ECDSA) P-256 or P-384 cert directly from ACM instead of using a Let's Encrypt cert.

AWS
EXPERT
Mike_L
answered 10 months ago
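An added example, not part of the question or the answer: a standard-library Python sketch that splits a PEM bundle into the certificate body and the chain (the two pieces pasted into the ACM form) and reports the public-key algorithm of each certificate, so a mix of EC and RSA keys in the chain is visible before import. The function names are hypothetical, the DER walk covers only the fixed X.509 field layout, and the sample bundle is built from constructed stand-ins rather than real certificates.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)
KEY_OIDS = {bytes.fromhex("2a864886f70d010101"): "RSA",  # rsaEncryption
            bytes.fromhex("2a8648ce3d0201"): "EC"}       # id-ecPublicKey

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def key_algorithm(der):
    """Public-key algorithm of one DER certificate: 'RSA', 'EC' or 'other'."""
    _, pos, _ = tlv(der, 0)      # Certificate
    _, pos, end = tlv(der, pos)  # tbsCertificate
    fields = []
    while pos < end:
        tag, start, pos = tlv(der, pos)
        fields.append((tag, start))
    # Field order: [0] version (optional), serial, signature, issuer, validity, subject, SPKI.
    spki = fields[6 if fields[0][0] == 0xA0 else 5][1]
    _, alg, _ = tlv(der, spki)           # SPKI -> AlgorithmIdentifier
    _, oid, oid_end = tlv(der, alg)      # AlgorithmIdentifier -> OID
    return KEY_OIDS.get(der[oid:oid_end], "other")

def split_bundle(text):
    """Return (body_pem, chain_pem, key algorithm of each cert in order)."""
    pems, algs = [], []
    for m in PEM_RE.finditer(text):
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        algs.append(key_algorithm(der))
        pems.append(m.group(0) + "\n")
    if not pems:
        raise ValueError("no CERTIFICATE blocks found")
    return pems[0], "".join(pems[1:]), algs

def el(tag, *parts):  # tiny short-form DER builder, used only for the constructed sample
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)

def fake_cert(oid_hex):  # constructed stand-in with a certificate's field layout, not a real cert
    spki = el(0x30, el(0x30, el(0x06, bytes.fromhex(oid_hex))), el(0x03, b"\x00"))
    tbs = el(0x30, el(0xA0, el(0x02, b"\x02")), el(0x02, b"\x01"), *([el(0x30)] * 4), spki)
    der = el(0x30, tbs, el(0x30), el(0x03, b"\x00"))
    return f"-----BEGIN CERTIFICATE-----\n{base64.b64encode(der).decode()}\n-----END CERTIFICATE-----\n"

SAMPLE_BUNDLE = fake_cert("2a8648ce3d0201") + fake_cert("2a864886f70d010101")  # EC leaf, RSA intermediate
```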
