Change / Update SSL certificate for Amazon Elastic Load Balancer with AWS Command Line Interface

  1. Install and configure the AWS Command Line Interface

  2. List the existing certificates to check that the AWS CLI is working:

    $ aws iam list-server-certificates
    {
      "ServerCertificateMetadataList": [
          {
              "Path": "/", 
              "Arn": "arn:aws:iam::5xxxxxxxxxxx:server-certificate/www.example.com-201307-201407", 
              "ServerCertificateId": "AXXXXXXXXXXXXXXXXXXXX", 
              "ServerCertificateName": "www.example.com-201210-201310", 
              "UploadDate": "2012-10-10T11:25:35Z"
          }
      ]
    }
    
  3. Upload your certificate:

    $ aws iam upload-server-certificate --server-certificate-name www.example.com-2013010-2014010 --certificate-body file://www.example.com.crt --private-key file://www.example.com.key --certificate-chain file://www.example.com.ca-bundle 
    {
        "ServerCertificateMetadata": {
            "Path": "/", 
            "Arn": "arn:aws:iam::5xxxxxxxxxxx:server-certificate/www.example.com-2013010-2014010", 
            "ServerCertificateId": "AXXXXXXXXXXXXXXXXXXXX", 
            "ServerCertificateName": "www.example.com-2013010-2014010", 
            "UploadDate": "2013-10-22T16:57:36.704Z"
        }
    }
    

    If you get the error message "A client error (MalformedCertificate) occurred: Invalid Private Key.", please look at this card to see how to fix it.

  4. Get the name of your load balancer:

    $ aws elb describe-load-balancers | grep LoadBalancerName
                "LoadBalancerName": "example-com", 
    
  5. Update the certificate on your load balancer:

    $ aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name example-com --ssl-certificate-id arn:aws:iam::5xxxxxxxxxxx:server-certificate/www.example.com-2013010-2014010 --load-balancer-port 443
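
Before uploading in step 3, it is worth checking locally that the private key belongs to the certificate, that the key is unencrypted (IAM requires this), and that the certificate is not close to expiry. The script below is an added example, not part of the original card; the file name `preflight.sh` and the 30-day default are assumptions, and it needs the `openssl` command line tool.

```shell
#!/bin/sh
# Added example (not from the original card): pre-upload checks for the
# files given to `aws iam upload-server-certificate` in step 3.
# Hypothetical usage:
#   sh preflight.sh www.example.com.crt www.example.com.key [days]

# Succeeds only if the unencrypted PEM private key $2 belongs to certificate $1.
# The body runs in a subshell "( )" so its variables stay local.
cert_matches_key() (
    # "-passin pass:" supplies an empty passphrase, so an encrypted key is
    # rejected rather than prompting for a passphrase.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || exit 1
    # Both commands print the public key as PEM; a matching pair prints the same text.
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# Succeeds if certificate $1 is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Prints the SHA-256 fingerprint of certificate $1 as colon-separated hex.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Runs all checks; returns 1 on a key problem, 2 on an expiry problem.
preflight() {
    cert_matches_key "$1" "$2" || {
        echo "FAIL: key is unreadable, encrypted, or does not match $1" >&2
        return 1
    }
    cert_valid_for "$1" "${3:-30}" || {
        echo "FAIL: $1 expires within ${3:-30} days" >&2
        return 2
    }
    echo "OK: $1 sha256 fingerprint $(cert_fingerprint "$1")"
}

# Run the checks only when certificate and key paths are given.
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

After step 5, the fingerprint printed here can be compared with the one the listener on port 443 presents, to confirm the new certificate is the one being served.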
    
Kim Klotz Over 10 years ago