There is a new card about how to do this with the new AWS Command Line Interface
On Ubuntu you can easy install it with sudo apt-get install iamcli
.
Otherwise, you can install it manually:
export AWS_IAM_HOME=/home/foobar/Downloads/IAMCli-1.2.0/
(version may vary)AWSAccessKeyId=AWS access ID
AWSSecretKey=AWS secret key
According to amazon there must be given the following data:
You can either use the AWS Accounts access keys and they can be found at http://aws.amazon.com under Account->Security Credentials or you can use the access keys of a user created with IA
Open a terminal (if you don't have yet) and set the JAVA_HOME environment variable: export JAVA_HOME=/usr
iam-servercertlistbypath --aws-credential-file ./aws-credential.txt
If you've installed it manually you have to give the full path:
/home/foobar/Downloads/IAMCli-1.2.0/bin/iam-servercertlistbypath --aws-credential-file ./aws-credential.txt
The output should look something like this:
arn:aws:iam::322191361670:server-certificate/www.example.com
arn:aws:iam::322191361670:server-certificate/testCert
(if you don't have a ca-bundle you can omit the -c www.example.com.ca-bundle
)
iam-servercertupload --aws-credential-file ./aws-credential.txt -b www.example.com.crt -k www.example.com.key -c www.example.com.ca-bundle -s www.example.com-2011 -v
The output should look like this and includes the server certificate Amazon Resource Name (ARN) and GUID:
arn:aws:iam::322191361670:server-certificate/www.example.com-2011
ASCACexampleKEZUQ4K
If you got the error message similar to A client error (MalformedCertificate) occurred: Invalid Private Key.
please look at this card to see how to fix it.
At the moment there is no ubuntu package available so you have to do this manually.
export AWS_ELB_HOME=/home/foobar/Downloads/ElasticLoadBalancing-1.0.14.3
You need the name from your Elastic Load Balancer, the region and the certificates ARN
/home/foobar/Downloads/ElasticLoadBalancing-1.0.14.3/bin/elb-set-lb-listener-ssl-cert lb-name --aws-credential-file ./aws-credential.txt --region eu-west-1 --lb-port 443 --cert-id arn:aws:iam::322191361670:server-certificate/www.example.com-2011