Error: "Invalid Public Key Certificate" when installing certificate on Amazon Web Service (AWS) - Amazon EC2

Solution ID:    SO21856    Updated:    04/03/2013

Problem

When installing an SSL certificate on an Amazon Web Service (AWS) - Amazon EC2 device, you may receive the following error message:

Error: Invalid Public Key Certificate.

Cause

This problem may occur on an Amazon Web Service (AWS) - Amazon EC2 device when any of the following conditions are true:
  • The RapidSSL Intermediate CA bundle certificate is not installed on the Amazon Web Service (AWS) - Amazon EC2 device.
  • The RapidSSL Intermediate CA bundle certificate is installed on the Amazon Web Service (AWS) - Amazon EC2 device, but the certificates in the CA bundle need to be installed in reverse order.

Solution

To resolve the error when installing a RapidSSL certificate on an Amazon Web Service (AWS) - Amazon EC2 device, perform the following steps.

Step 1: Download Intermediate CA Bundle Certificate

To download the Intermediate CA bundle certificate, refer to article AR1548.

When viewing the CA bundle you will see two certificates stacked on top of each other. These two certificates will need to be switched. The top certificate needs to be placed on the bottom and the bottom certificate needs to be placed on top.

Example:
 

-----BEGIN CERTIFICATE-----
Primary Intermediate CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Secondary Intermediate CA
-----END CERTIFICATE-----

needs to be switched to:

-----BEGIN CERTIFICATE-----
Secondary Intermediate CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Primary Intermediate CA
-----END CERTIFICATE-----
 

You can then copy and paste the file contents into Notepad and save the file with a .pem extension.
 

Step 2: Installation of SSL & Intermediate CA Bundle Certificate

 

The RapidSSL certificate will be sent by email. If the certificate is included as an attachment (Cert.cer), you may use the file. If the certificate is embedded in the body of the email, copy and paste it into a text file (save as cert.pem) using Vi or Notepad. Do not use Microsoft Word or other word processing programs that may add characters. Confirm that there are no extra lines or spaces in the file.

The text file should look like:

-----BEGIN CERTIFICATE-----
[encoded data]
-----END CERTIFICATE-----

Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.
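The bundle reordering from Step 1 and the formatting check described above can be done in one pass. The following is an added example, not RapidSSL or AWS code: the function names are hypothetical, the sample "certificates" are constructed placeholders rather than real X.509 data, and the script checks only PEM framing and block order, not the issuer chain.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def split_pem(text):
    """Split a PEM bundle into certificate blocks, rejecting the formatting
    faults the article warns about (wrong dash count, white space, blank lines)."""
    blocks, current = [], None
    for n, line in enumerate(text.splitlines(), 1):
        if line == "" or line != line.strip():
            raise ValueError(f"line {n}: blank line or stray white space")
        if line == BEGIN and current is None:
            current = [line]
        elif line == END and current is not None and len(current) > 1:
            # The body between the markers must be valid base64.
            base64.b64decode("".join(current[1:]), validate=True)
            blocks.append(current + [line])
            current = None
        elif current is None or "-" in line:
            # Covers markers with 4 or 6 dashes, empty bodies, text outside a block.
            raise ValueError(f"line {n}: malformed marker or stray text: {line!r}")
        else:
            current.append(line)
    if current is not None:
        raise ValueError("missing END CERTIFICATE marker")
    return blocks

def reverse_bundle(text):
    """Return the bundle with its certificate blocks in reverse order."""
    return "\n".join("\n".join(b) for b in reversed(split_pem(text))) + "\n"

def constructed_cert(label):
    # Constructed placeholder: base64 of a label, NOT a real certificate.
    body = base64.b64encode(label.encode()).decode()
    return f"{BEGIN}\n{body}\n{END}\n"

PRIMARY = constructed_cert("constructed primary intermediate CA")
SECONDARY = constructed_cert("constructed secondary intermediate CA")
SAMPLE_BUNDLE = PRIMARY + SECONDARY  # order as downloaded in Step 1

if __name__ == "__main__":
    print(reverse_bundle(SAMPLE_BUNDLE), end="")
```

Run `split_pem` on cert.pem as well before uploading; a `ValueError` names the line that would otherwise surface only as the upload error.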

If you need to download the certificate from your account:

To obtain a copy of your SSL certificate in X.509 pem format from User Portal, refer to solution SO16222.


Use the iam-servercertupload command to upload your RapidSSL signed certificate and CA bundle file.

  • On Linux and UNIX computers, enter the following command:

    $ ./iam-servercertupload -b public_key_certificate_file -c certificate_chain_file -k privatekey.pem -s certificate_object_name

  • On Windows computers, enter the following command:

    C:\> iam-servercertupload -b public_key_certificate_file -c certificate_chain_file -k privatekey.pem -s certificate_object_name
     

Step 3: Verify Certificate Installation

Use the iam-servercertgetattributes command to verify the certificate installation.

  • On Linux and UNIX computers, enter the following command:

    $ ./iam-servercertgetattributes -s certificate_object_name

  • On Windows computers, enter the following command:

    C:\> iam-servercertgetattributes -s certificate_object_name

     

For more detailed documentation regarding Amazon Web Service (AWS) - Amazon EC2, please refer to the following article:
http://docs.aws.amazon.com/IAM/latest/UserGuide/InstallCert.html#UploadSignedCertDiscussion

Disclaimer:

RapidSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, RapidSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. RapidSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.  Further, RapidSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. RapidSSL reserves the right to make changes to any information herein without further notice.
