15 June 2013

OpenSSL: Convert private key to PEM format for AWS ELB

You might get message "Error: Invalid Private Key" while configuring SSL on Elastic Load Balancer on Amazon Web Services (AWS). It means your private key isn't in PEM format. No worries, it easy to fix.

Standard CSR generation instructions, such as provided on GoDaddy support page, provide you private key file, which is not in PEM format:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Converting private key into PEM format is quite simple with OpenSSL RSA key processing tool:
openssl rsa -in yourdomain.key -outform PEM -out yourdomain_pem.key

You can check first lines of key files to see difference:
[andrey@centos openssl_rsa]$ head -n 3 yourdomain.key yourdomain_pem.key
==> yourdomain.key <==
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkq33iG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDhJS/lw+cLrjby
TQZ1XubnMjUK7ajdT/q9b2C/hjmh9unB92/WaO8hFvL3B3jF31hf/vYQ9wAPEHnC

==> yourdomain_pem.key <==
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA4SUv5cPnC6128k0GdV7m5zI1Cu2o3U/6vW9gv4Y5oYrpwfdv
1mjvIRby9wd4xd9YX/72EPcADxB5wtVQp78wSM6D0/GEAOqgqDjFhdEqBY/b2qrw

That's it. You can copy content of PEM key file into ELB configuration dialog:

AWS ELB SSL Configuration dialog

No comments:

Post a Comment

Profile