List the iam certs
aws iam list-server-certificates --profile <profile_name>Download the cert
aws iam get-server-certificate --server-certificate-name <name> --profile <profile> --output textReading a pem file
openssl x509 -in cert.pem -text -nooutCreating and uploading self-signed cert
openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
openssl req -new -key private.pem -out certificate.csr
openssl x509 -req -days 365 -in certificate.csr -signkey private.pem -out certificate.crt
aws iam upload-server-certificate --server-certificate-name jenkins-elb-cn --certificate-body file://certificate.crt --private-key file://private.pem --profile <profile>Uploading cert a purchased cert:
aws iam upload-server-certificate --server-certificate-name <name> --certificate-body file://cert.pem --certificate-chain file://CertificateBundle.pem --private-key file://server.private.pem --profile <profile>Validate the cert and private key:
diff <(openssl x509 -noout -modulus -in server_cert.pem ) <(openssl rsa -noout -modulus -in cert.key )
echo $?
0Reference:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-ssl-upload.html
