How to use *.pfx certificate for Amazon ELB SSL

Question

I have cert.pfx file, I need to install to be used in Amazon Elastic Load Balancer. How can I do it?

Answer 1

Extract private key without password. The first command will request pfx password and prompt for a password for key.pem; a password for key.pem must be provided. The second command asks for key.pem password provided for 1st command.

openssl pkcs12 -in cert.pfx -nocerts -out key.pem

openssl rsa -in key.pem -out server.key

Extract certificate:

openssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.pem

Extract certificate chain:

openssl pkcs12 -in cert.pfx -nodes -nokeys -out chain.pem

Certificate chain contains several items. You may need to remove item that refers to your certificate, it's on top and it's not needed. Give a try with/without removing the top item. After that, the other items should be placed in reverse order.

server.key is a private key in ELB, cert.pem is a certificate in ELB, output #4 is certificate chain.