Uploading an SSL Certificate to IAM for use with ELB or CloudFront using PowerShell

Because I only do this once or twice a year, I can never quite remember how to get it done. So consider this post an aide-memoire of sorts.

Generally, your SSL cert will turn up as one or (preferably) more *.crt files – one the actual certificate, and the other the verification chain – and you should also have a private key, probably as a *.key file.

Step one: convert these to PEM format using openssl.exe at the PowerShell prompt. Don’t have openssl? Download it here or use Chocolatey, as follows

Now, down to the business of conversion. Hopefully, you have an x509 format cert and chain. Convert them into the AWS-friendly PEM format like so:

Next, we do the same to the private key

Now, how do we get these into AWS?

We use the Publish-IAMServerCertificate cmdlet, of course

For use in ELBs, we use this

And to do the same for AWS CloudFront, you need the /cloudfront/ path, like so

And your certificates will be uploaded to IAM and squirrelled away in the certificate store. You can check that it’s there by using


Side Note: There’s a command called Get-IAMServerCertificate and another called Get-IAMServerCertificates – note the ‘s’. This breaks the PowerShell convention of a single command to operate on singular or multiple values. I would hope AWS would eventually fix this flaw and bring the SDK into line with published PowerShell conventions, but we will see.

Now, when you go to your CloudFront distribution or your ELB’s listeners tab, you should be presented your new Certificate in the dropdown for available certs, and you’ll have your content nicely secured.
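
The whole procedure above as one script, added here as an example and not the post's original commands. File names, the certificate name and the `$forCloudFront` switch are placeholders, and it assumes openssl and the AWS Tools for PowerShell are installed with credentials already configured.

```powershell
# Added example. File names and $name are placeholders, not values from the post.
$certIn        = '.\example.crt'         # certificate as delivered
$chainIn       = '.\example-chain.crt'   # verification chain as delivered
$keyIn         = '.\example.key'         # private key as delivered
$name          = 'example-com'           # hypothetical IAM certificate name
$forCloudFront = $false                  # $true to upload under /cloudfront/

# Convert to PEM. Add "-inform DER" when an input is binary DER.
# openssl x509 reads only the first certificate in a file, so a chain file that
# is already a PEM bundle of several intermediates should be used as it is.
openssl x509 -in $certIn  -out .\cert.pem  -outform PEM
openssl x509 -in $chainIn -out .\chain.pem -outform PEM
# IAM needs the key unencrypted; openssl prompts here if the key has a passphrase.
openssl rsa  -in $keyIn   -out .\key.pem   -outform PEM

# Check that the key belongs to the certificate by comparing public keys.
$certPub = (openssl x509 -in .\cert.pem -noout -pubkey) -join "`n"
$keyPub  = (openssl pkey -in .\key.pem -pubout) -join "`n"
if (-not $certPub -or $certPub -ne $keyPub) {
    throw 'Private key does not match the certificate; nothing uploaded.'
}

$upload = @{
    ServerCertificateName = $name
    CertificateBody       = Get-Content .\cert.pem  -Raw
    CertificateChain      = Get-Content .\chain.pem -Raw
    PrivateKey            = Get-Content .\key.pem   -Raw
}
if ($forCloudFront) { $upload.Path = '/cloudfront/' }  # CloudFront only lists this path
Publish-IAMServerCertificate @upload | Out-Null

# Confirm the stored copy, then remove the plaintext key written above.
(Get-IAMServerCertificate -ServerCertificateName $name).ServerCertificateMetadata |
    Select-Object ServerCertificateName, Path, Expiration
Remove-Item .\key.pem
```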
