IIS 7 SSL Certificates In Amazon ELB
Trying to load your SSL certificates into Amazon Elastic Load Balancer and getting this error? ”Error: Invalid Public Key Certificate”
Here’s how to get them working, if you use Microsoft Windows IIS.
First, go to the AWS Console and create a new load balancer.
Then add “SSL” to the list of protocols. You can come up with a cool name for your load balancer, or just keep the default, “MyLoadBalancer.”
Now Amazon asks for your private and public keys. This is the stuff that was driving me batty. Hopefully this tutorial saves you some time.
Okay, keep this AWS Console window open in the background — we’ll come back to it later, after we export the public and private keys from WIndows.
First, go to your Windows Certificate console. If you don’t know how to do that, instructions are here.
Then find your SSL certificate.
Right click on your certificate -> All Tasks -> Export…
You’re going to need both the PRIVATE key as well as the PUBLIC key. So you’re going to have to go through this wizard twice. Just select one of these radio buttons, then go with the defaults (next… -> next… -> next…) until you end up with 2 files (1 file for public, 1 file for private)
Now you need to convert those files (your public and private keys) into a format that Amazon likes (“Standard PEM”). To do that, visit the SSL Converter at https://www.sslshopper.com/ssl-converter.html
Now you have two converted files. Just open them up in a text editor (rename them with a .txt extension if that’s easier for you), and copy and paste the contents into the form back in the AWS Console.
Then just go with Amazon’s defaults.
Hopefully, Amazon accepted your certificates.
Tip: If you got your SSL certificate from GoDaddy (and maybe this affects other certificate authorities too), they’ll give you a file called “gd_bundle.crt”. Paste the contents of that file into ELB’s “Certificate Chain” box or Safari on the iPhone will give you an error along the lines of “Cannot Verify Identity.”
