I'm creating certificate requests with this command:
openssl req -new -out www.example.com.csr -keyout www.example.com.key -newkey rsa:2048 -nodes
When I try to upload the certificate to AWS IAM I get this error:
$ aws iam upload-server-certificate --server-certificate-name www.example.com-2013010-2014010 --certificate-body www.example.com.crt --private-key www.example.com.key --certificate-chain www.example.com.ca-bundle
A client error (MalformedCertificate) occurred: Invalid Public Key Certificate.
That's because of the format of the key file (www.example.com.key
).
If it starts with -----BEGIN PRIVATE KEY-----
you have to convert it to rsa:
mv www.example.com.key www.example.com.key_norsa
openssl rsa -in www.example.com.key_norsa -out www.example.com.key
After this the key file should start with -----BEGIN RSA PRIVATE KEY-----
and the upload should work without any problems.