How to use *.pfx certificate for Amazon ELB SSL

snowindy picture snowindy · Mar 22, 2016 · Viewed 11.7k times · Source

I have cert.pfx file, I need to install to be used in Amazon Elastic Load Balancer. How can I do it?

Answer

snowindy picture snowindy · Mar 22, 2016
  1. Extract private key without password. First command will request pfx password and prompt for a password for key.pem; a password for key.pem must be provided. Second command asks for key.pem password provided for 1st command.

openssl pkcs12 -in cert.pfx -nocerts -out key.pem openssl rsa -in key.pem -out server.key

  1. Extract certificate:

openssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.pem

  1. Extract certificate chain:

openssl pkcs12 -in cert.pfx -nodes -nokeys -out chain.pem

  1. Certificate chain contains several items. You may need to remove item that refers to your certificate, it's on top and it's not needed. Give a try with/without removing top item. After that the other items should be placed in reverse order.

  2. server.key is private key in ELB, cert.pem is certificate in ELB, output #4 is certificate chain.

Good luck!