Fix "A client error (MalformedCertificate) occurred: Invalid Private Key." at AWS SSL Certificate upload
I'm creating certificate requests with this command:
openssl req -new -out www.example.com.csr -keyout www.example.com.key -newkey rsa:2048 -nodes
When I try to upload the certificate to AWS IAM I get this error:
$ aws iam upload-server-certificate --server-certificate-name www.example.com-2013010-2014010 --certificate-body www.example.com.crt --private-key www.example.com.key --certificate-chain www.example.com.ca-bundle
A client error (MalformedCertificate) occurred: Invalid Public Key Certificate.
That's because of the format of the key file (www.example.com.key
).
If it starts with -----BEGIN PRIVATE KEY-----
you have to convert it to rsa:
mv www.example.com.key www.example.com.key_norsa
openssl rsa -in www.example.com.key_norsa -out www.example.com.key
After this the key file should start with -----BEGIN RSA PRIVATE KEY-----
and the upload should work without any problems.
Related cards:
Change / Update SSL certificate for Amazon Elastic Load Balancer with AWS Command Line Interface
-
Install and configure the AWS Command Line Interface
-
Show existing certificates to test if the AWS Cli is working:
$ aws iam list-server-certificates { "ServerCertificateMetadataList": [...
FAQ for When PostgreSQL Indexes Are Corrupted After Locale Changes
When changing glibc versions, it's possible to end up with corrupt indexes in PostgreSQL.
Are My Indexes Affected?
If your database has...
HowTo: verify SSL private key matches SSL certificate
When receiving a new SSL-Certificate for an existing SSL-key it should be checked that they match cryptographically.
Maybe the customer accidentally created a new key and certificate and sent us just the certificate.
It's also possible that the c...
Installing throttled to fix Lenovo laptops with nvidia graphics running Ubuntu losing performance after a while
We have observed Lenovo laptops with nvidia graphics losing performance after they have been in use for a few minutes. While we have not been able to pinpoint exactly what triggered the performance loss, we have found it mostly correlated with hig...
HowTo: Curl applications that are usually behind reverse proxies with TLS termination without the application redirecting to https schema
A lot of web applications require being called over https
, which is a good thing. It's possible to configure this requirement at the web- or proxy server level, where nginx
or apache
will just redirect every request on http
to https
. Som...
How to Protect container images with production tag from ECR lifecycle rules
If you want to automatically delete old container images from your Elastic Container Registry, the solution is a quite simple ECR Lifecycle Rule that deletes images e.g. 7 days after they have been pushed to the registry.
If you however want to _...
Keepalived VRRP FAQ
How can I configure virtual IP's?
There are two parameter to set up virtual ips in Keepalived:
virtual_ipaddress
Addresses defined here are included into the VRRP Packages and are therefore limited in number, especially with IPv6.
Add...
HowTo: enable termination protection for all EC2 instances not in autoscaling groups via aws cli
aws ec2 describe-instances --output text --query 'Reservations[].Instances[?!not_null(Tags[?Key == `aws:autoscaling:groupName`].Value)] | [].[InstanceId]' | xargs -L1 -t aws ec2 modify-instance-attribute --disable-api-termination --instance-id...
Why Apple Silicon MacBooks Can Only Use One External Display Through A Dock
It's quite confusing how many external displays are usable with a MacBook that uses an M1 or M2 Chip. Documentation on the Internet is sparse and not even the Geniuses at the Genius Bar are 100% sure. We found out some things and can explain the b...
HowTo apply Test Driven Development to Container Images
Apply Test Driven Development(TDD) to the process of building container images by defining test before writing code and automate the testing process. Iterate through the TDD cycle while developing and running the tests later in continuous integrat...