AWS - Upload SSL Certificate

Uploading an SSL certificate to AWS is required when setting up an HTTPS load balancer or a CloudFront bucket with HTTPS support. The certificate format AWS requires is likely to differ slightly from what an SSL provider gives you. This article explains how to convert your SSL certificate to the format AWS expects.

1 - What you need

SSL providers (like GoDaddy) usually provide three things when generating an SSL certificate:

  • somedomain.key: this is the private key
  • somedomain.crt: this is the public certificate
  • provider_bundle.crt: this is the SSL provider bundle (the public certificate that signed your SSL certificate)

On the other side, AWS expects three things:

  • Private Key in PEM format
  • Public Key Certificate in PEM format
  • Certificate chain in PEM format: this is the bundle provided by your provider

2 - Installing the certificate on the ELB


Requirement

You need to have openssl installed on your computer.


Let's convert the private key into PEM format:

openssl rsa -in somedomain.key -outform PEM -out somedomain.key.pem


That's pretty much it!

Now upload the content of each file as directed:

  • Upload content of somedomain.key.pem to Private Key
  • Upload content of somedomain.crt to Public Key Certificate
  • Upload content of provider_bundle.crt to Certificate Chain
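
Before pasting the three files into AWS, it helps to confirm that they are PEM, that the private key belongs to the certificate, and that the provider bundle really signs it. The script below is an added example, not part of the original article; the function names check_aws_cert_files and make_sample are hypothetical, and the CA, key and certificate it generates are constructed sample data.

```shell
#!/bin/sh
# Added example: check the three files before pasting them into AWS.
# Assumes an unencrypted private key, as written by the "openssl rsa" step.

# Returns 0 if the files fit together; 1 = not PEM, 2 = key/certificate
# mismatch, 3 = certificate expired, 4 = bundle does not sign the certificate.
check_aws_cert_files() {  # $1 = key.pem  $2 = certificate  $3 = provider bundle
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" &&
    grep -q -e '-----BEGIN CERTIFICATE-----' "$2" &&
    grep -q -e '-----BEGIN CERTIFICATE-----' "$3" ||
        { echo "not PEM: a file is missing its BEGIN header" >&2; return 1; }

    # The certificate must carry the public half of the private key.
    # "-passin pass:" stops openssl prompting; an encrypted key fails here.
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] ||
        { echo "private key does not match certificate" >&2; return 2; }

    openssl x509 -in "$2" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 3; }

    # The bundle must contain the issuer; -partial_chain accepts a bundle
    # that stops at an intermediate instead of a root.
    openssl verify -partial_chain -CAfile "$3" "$2" >/dev/null 2>&1 ||
        { echo "bundle does not verify the certificate" >&2; return 4; }
    echo "OK: key, certificate and chain are consistent"
}

# Build a constructed CA, key and certificate in directory $1 (sample data only).
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/provider_bundle.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=somedomain.example" \
        -keyout "$1/somedomain.key" -out "$1/somedomain.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/somedomain.csr" -days 1 -CA "$1/provider_bundle.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -out "$1/somedomain.crt" 2>/dev/null &&
    openssl rsa -in "$1/somedomain.key" -outform PEM -out "$1/somedomain.key.pem" 2>/dev/null
}

# Demo run on the constructed files.
d=$(mktemp -d) && make_sample "$d" &&
    check_aws_cert_files "$d/somedomain.key.pem" "$d/somedomain.crt" "$d/provider_bundle.crt"
rm -rf "$d"
```

With real files, call check_aws_cert_files somedomain.key.pem somedomain.crt provider_bundle.crt and upload only when it prints OK.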


Example below while setting up an AWS Load Balancer:

3 - Import the certificate in AWS Certificate Manager

Open the ACM console at https://console.aws.amazon.com/acm/home.

Either import a new certificate or select the one to renew and choose "Reimport".

When reimporting a renewed certificate, all associated resources (ELB, ...) are automatically updated.