Unable to select Custom SSL Certificate (stored in AWS IAM)

Question

I am going to create a new distribution at CloudFront. Already I have uploaded my SSL certificate at AWS IAM using AWS CLI. That certificate appears in the Custom SSL Certificate dropdown on new distribution page but it is DISABLED.

Can someone tell me why is it so? How to select my custom SSL certificate for this distribution?

Answer 1

Only the certificates registered in the US East (N.Virginia) region will be enabled to use in cloudfront. 

This might take a whole day for AWS to propagate the new certificate to all the nodes. And when you log back into the console, your certificate will be enabled.

If this didn’t work, follow these steps:

1. Use ACM to create a certificate in us-east-1 (N.Virginia) or import an existing certificate to IAM.
2. Wait until it is validated, the load the cloudfront distribution setting edit page.
3. If custom SSL option is in grey, logout and login which will refresh it.

The key to solve this problem is to change your location to us-east-1.