ACM import certificate error - The certificate chain provided is not in a valid PEM format.

0

Hi, I'm trying to import a Let's Encrypt SSL certificate. It is working OK with Apache on an EC2 server, but I keep getting errors when importing to ACM. The certificate file which works is actually a bundle with the certificate itself and the chain, so I proceed to extract it:

openssl x509 -in mycert.crt -out chain.pem -outform PEM

This just cuts the first part of the crt file, starting from ----BEGIN CERTIFICATE ---- to ---END CERTIFICATE ---. I paste this on the ACM form.

The key is a few lines base64 encoded enclosed in -----BEGIN EC PRIVATE KEY----- and ---- END EC PRIVATE KEY-----. I paste this as is.

Then for the chain I tried a number of things: pasted the two remaining certificates from the original crt file, extracted them from the live site, and a few more I don't remember. I also tried inverting first and second in case they are swapped. No matter what I try, I always get the "not in a valid PEM format" error. The pasted code looks like this:

-----BEGIN CERTIFICATE-----
.....base64 stuff ....
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
.....base64 stuff....
-----END CERTIFICATE-----

Please advise.

Asked 2 years ago, viewed 681 times
1 Answer
0

From

----BEGIN EC PRIVATE KEY-----

You are trying to import a Let's Encrypt ECDSA cert. If I recall correctly, one of the intermediate certs is RSA.

ACM only accepts imports when the TLS cert and all intermediate certs are ECDSA. As a workaround, you can import the cert into IAM.

Alternatively, AWS Certificate Manager now supports Elliptic Curve Digital Signature Algorithm TLS certificates. You can request an Elliptic Curve Digital Signature Algorithm (ECDSA) P-256 or P-384 cert directly from ACM instead of using a Let's Encrypt cert.

AWS
Expert
Mike_L
Answered 10 months ago
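
Added example (not part of the question or the answer, and not AWS code): a Python helper that splits a leaf-first bundle such as mycert.crt into the certificate body and the chain, rejects armor lines that are not exactly `-----BEGIN CERTIFICATE-----`, and reports each certificate's public-key type so the RSA/ECDSA mix mentioned in the answer can be checked before importing. The function names, the OID byte search (a heuristic, not a full ASN.1 parse) and the stub sample data are assumptions made for this example.

```python
import base64
import re

# Strict PEM armor: exactly five dashes on each side, no stray spaces.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\r?\n(.+?)\r?\n-----END CERTIFICATE-----", re.S)
# DER-encoded OIDs found in a certificate's subjectPublicKeyInfo.
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption
EC_OID = bytes.fromhex("06072a8648ce3d0201")       # id-ecPublicKey
KEY_OIDS = {RSA_OID: "RSA", EC_OID: "EC"}

def split_bundle(text):
    """Return (leaf_pem, chain_pem, key_types) for a leaf-first PEM bundle."""
    blocks = PEM_BLOCK.findall(text)
    # A BEGIN line seen by the loose pattern but not the strict one is malformed.
    loose = len(re.findall(r"-+ *BEGIN CERTIFICATE *-+", text))
    if not blocks or loose != len(blocks):
        raise ValueError("malformed or missing PEM armor line")
    pems, key_types = [], []
    for body in blocks:
        # validate=True rejects any non-base64 character in the body.
        der = base64.b64decode("".join(body.split()), validate=True)
        found = [name for oid, name in KEY_OIDS.items() if oid in der]
        key_types.append(found[0] if found else "unknown")
        pems.append("-----BEGIN CERTIFICATE-----\n" + body.strip()
                    + "\n-----END CERTIFICATE-----\n")
    # First block is the certificate body; the rest is the chain.
    return pems[0], "".join(pems[1:]), key_types

def _stub_cert(oid):
    # Constructed stand-in, NOT a real certificate: a few bytes carrying one key OID.
    b64 = base64.b64encode(b"\x30\x0b" + oid).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed sample: EC leaf, EC intermediate, RSA intermediate.
SAMPLE_BUNDLE = _stub_cert(EC_OID) + _stub_cert(EC_OID) + _stub_cert(RSA_OID)

if __name__ == "__main__":
    leaf, chain, kinds = split_bundle(SAMPLE_BUNDLE)
    for position, kind in enumerate(kinds):
        print("leaf" if position == 0 else f"chain[{position}]", kind)
```

To use it on a real file, pass the file's text to `split_bundle` and paste the first returned string as the certificate and the second as the chain.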
