ACM import certificate error - The certificate chain provided is not in a valid PEM format.

0

Hi, I'm trying to import a Let's Encrypt SSL certificate. It is working OK with Apache on an EC2 server, but I keep getting errors when importing to ACM. The certificate file which works is actually a bundle with the certificate itself and the chain, so I proceed to extract it:

openssl x509 -in mycert.crt -out chain.pem -outform PEM

This just cuts the first part of the crt file, starting from ----BEGIN CERTIFICATE ---- to ---END CERTIFICATE ---. I paste this on the ACM form.

The key is a few lines base64 encoded enclosed in -----BEGIN EC PRIVATE KEY----- and ---- END EC PRIVATE KEY-----. I paste this as is.

Then for the chain I tried a number of things: pasted the two remaining certificates from the original crt file, extracted them from the live site, and a few more I don't remember. I also tried inverting the first and second in case they are swapped. No matter what I try, I always get the "not in a valid PEM format" error. The pasted code looks like this:

-----BEGIN CERTIFICATE-----
.....base64 stuff ....
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
.....base64 stuff....
-----END CERTIFICATE-----

Please advise.

Asked 2 years ago · 660 views
1 Answer
0

From

----BEGIN EC PRIVATE KEY-----

You are trying to import a Let's Encrypt ECDSA cert. If I recall correctly, one of the intermediate certs is RSA.

ACM only accepts imports when the TLS and all intermediate certs are ECDSA. As a workaround, you can import the cert into IAM.

Alternatively, AWS Certificate Manager now supports Elliptic Curve Digital Signature Algorithm TLS certificates. You can request an Elliptic Curve Digital Signature Algorithm (ECDSA) P-256 or P-384 cert directly from ACM instead of using a Let's Encrypt cert.

AWS
Expert
Mike_L
Answered 10 months ago
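
To check a bundle for the condition this answer describes (an ECDSA leaf with an RSA intermediate) before pasting it into the ACM form, the following added example, which is not code from the original post or from AWS, splits a fullchain file into the leaf and the chain and reads each certificate's public-key type from its DER using only the Python standard library. The function names are assumptions made for this example.

```python
import base64
import re

# Strict PEM framing: exactly five dashes on each side of the label.
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)
# DER value bytes of the two public-key algorithm OIDs relevant to the answer.
KEY_OIDS = {bytes.fromhex("2a864886f70d010101"): "RSA",   # rsaEncryption
            bytes.fromhex("2a8648ce3d0201"): "EC"}        # id-ecPublicKey

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def key_algorithm(der):
    """Walk Certificate -> tbsCertificate -> subjectPublicKeyInfo -> algorithm OID."""
    _, pos, _ = read_tlv(der, 0)            # outer Certificate SEQUENCE
    _, pos, end = read_tlv(der, pos)        # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, start, stop = read_tlv(der, pos)
        fields.append((tag, start))
        pos = stop
    if fields[0][0] == 0xA0:                # skip the optional [0] version field
        fields = fields[1:]
    spki_start = fields[5][1]               # after serial, sig alg, issuer, validity, subject
    _, alg_start, _ = read_tlv(der, spki_start)       # AlgorithmIdentifier SEQUENCE
    _, oid_start, oid_end = read_tlv(der, alg_start)  # algorithm OID
    return KEY_OIDS.get(bytes(der[oid_start:oid_end]), "other")

def split_bundle(pem_text):
    """Split a fullchain bundle into (leaf_der, [chain_der, ...])."""
    ders = [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_RE.findall(pem_text)]
    if not ders:
        raise ValueError("no well-formed CERTIFICATE blocks found")
    return ders[0], ders[1:]

def chain_key_mismatches(pem_text):
    """Return (leaf_alg, [(chain_position, alg), ...]) for chain keys unlike the leaf's."""
    leaf, chain = split_bundle(pem_text)
    leaf_alg = key_algorithm(leaf)
    algs = [(i, key_algorithm(c)) for i, c in enumerate(chain, 1)]
    return leaf_alg, [(i, alg) for i, alg in algs if alg != leaf_alg]
```

Call it as `chain_key_mismatches(open("fullchain.pem").read())`, where `fullchain.pem` is a placeholder file name. A non-empty list in the result means at least one chain certificate carries a different key type from the leaf.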
