How do I Install Intermediate Certificates (in AWS)?

ssl amazon-ec2 load-balancing

Solution 1:

concatenate the files provided manually, in the following order:

  • site.com.crt
  • intermediate.crt (one or more, the order of these doesn't matter)
  • ROOT.crt

you can do this from a shell with the cat command

cat site.com intermediate.crt ROOT.crt > site.chain.pem

or copy/paste them, no whitespace between, make sure certificates are on different lines

-----BEGIN CERTIFICATE-----
site cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
intermediate cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
root cert
-----END CERTIFICATE-----

Solution 2:

I had issues w/ my rapid-ssl cert; as per

https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO21856&actp=search&viewlocale=en_US&searchid=1368427636740

I could fix it by reversing the certificates in in the CA bundle:

Problem

When installing an SSL certificate into Amazon Web Service (AWS) - Amazon EC2 device, you may receive the following error message.

Error: Invalid Public Key Certificate. Cause This problem may occur on Amazon Web Service (AWS) - Amazon EC2 device when any of the following conditions are true.

RapidSSL Intermediate CA bundle certificate is not installed on Amazon Web Service (AWS) - > Amazon EC2 device
RapidSSL Intermediate CA bundle certificate is installed on Amazon Web Service (AWS) - Amazon > EC2 device but the CA bundle required needs to be installed in reversed order

Resolution

To resolve the error from installing RapidSSL certificate using Amazon Web Service (AWS) - Amazon EC2 device, perform the following steps.

Step 1: Download Intermediate CA Bundle Certificate

To download the Intermediate CA bundle certificate, refer to article AR1548

When viewing the CA bundle you will see two certificates stacked on top of each other. These two certificates will need to be switched. The top certificate needs to be placed on the bottom and the bottom certificate needs to be placed on top.

...

Solution 3:

I had to go through the same issue. Just by uploading a pem file with the following seem to resolve the problem. It did not like site cert at the top 

-----BEGIN CERTIFICATE-----
intermediate cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
root cert
-----END CERTIFICATE-----

Solution 4:

For Comodo issued certs

    Private Key: private_key.text
    Public Key Certificate: yourdomain.crt
    Certificate Chain: combine these 2
    cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt > certchain.txt
    (or paste in COMODORSADomainValidationSecureServerCA.crt first followd by COMODORSAAddTrustCA.crt)

Related

Why have both security groups and iptables on Amazon EC2?
Node.js is not accessible from external IPs on Ubuntu
Copy large file from one Linux server to another
Server Hosting from your House - $200 to $300 per month range [closed]
SSH tunneling is faster than OpenVPN, could it be?
Postfix - Host or domain not found
Is it true that a nameserver have to answer queries over TCP?
Authentication Order with SSH
Functional implications of differences in SSL and TLS
What options can be put into a SSH authorized_keys file?
Windows Server 2008 R2 network adapter stops working, requires hard reboot
How to use Active Directory to authenticate linux users