I'm trying to import my certificate (from DigiCert) into AWS. I am following the instructions from AWS (link) to convert my PFX to PEM format.
But I get an empty file when I use the command
openssl pkcs12 -in website.xyz.com.pfx -cacerts -nokeys -chain -out ca-chain.pem
to extract the CA chain from the PFX file. I just get an empty ca-chain.pem file.
When I try to import the certificate into ACM in AWS, it shows the error: Provided certificate is not a valid self signed. Please provide either a valid self-signed certificate or certificate chain.
According to the AWS article, we need a certificate chain to import a non-AWS certificate.
How can I get my certificate chain correctly?
My OpenSSL version is OpenSSL 1.1.1m 14 Dec 2021
This isn't specific to AWS, but an empty ca-chain.pem file seems to suggest that the PFX file doesn't contain the certificate chain at all. You may need to get a new PFX file that includes the chain.

If you're in a rush you can potentially copy the certificate chain from an existing public certificate that uses the same issuer. Try something like:
Ignore the first -----BEGIN CERTIFICATE----- block, but copy the following certificate blocks to your ca-chain.pem.

See: Using openssl to get the certificate from a server
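
The manual step in the answer above (skip the first certificate block, keep the later ones as ca-chain.pem) can be scripted, and the same script flags a bundle that holds only the leaf, which is the situation in the question. This is an added example, not part of the original question or answer; the function name `split_chain`, the file names and the sample bundle (placeholder bodies, not real certificates) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Splits a PEM bundle into the leaf certificate (first block)
# and the CA chain (all later blocks). Text outside the BEGIN/END markers,
# such as the "Bag Attributes" lines openssl pkcs12 prints, is dropped.
# Prints the number of chain certificates; returns 1 if there are none.
split_chain() {
    bundle=$1; leaf_out=$2; chain_out=$3
    : > "$leaf_out"
    : > "$chain_out"
    awk -v leaf="$leaf_out" -v chain="$chain_out" '
        /^-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside { print > (n == 1 ? leaf : chain) }
        /^-----END CERTIFICATE-----/   { inside = 0 }
    ' "$bundle"
    if [ ! -s "$chain_out" ]; then
        echo "$bundle holds no CA certificates; get the chain from the issuer" >&2
        return 1
    fi
    grep -c '^-----BEGIN CERTIFICATE-----' "$chain_out"
}

# Constructed sample: placeholder bodies, not real certificates.
demo_dir=$(mktemp -d)
cat > "$demo_dir/bundle.pem" <<'EOF'
Bag Attributes
    friendlyName: constructed-leaf
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAF
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
-----BEGIN CERTIFICATE-----
PLACEHOLDERINTERMEDIATE
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
PLACEHOLDERROOT
-----END CERTIFICATE-----
EOF
# A bundle like the one in the question: the leaf and nothing else.
sed -n '3,5p' "$demo_dir/bundle.pem" > "$demo_dir/leaf-only.pem"

split_chain "$demo_dir/bundle.pem" "$demo_dir/leaf.pem" "$demo_dir/ca-chain.pem"
split_chain "$demo_dir/leaf-only.pem" "$demo_dir/l.pem" "$demo_dir/c.pem" ||
    echo "leaf-only bundle rejected, as expected"
```

The input can be any PEM text that lists the leaf first, for example the output of `openssl pkcs12 -in website.xyz.com.pfx -nokeys`.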