How to install a PFX into CloudFront

Posted 3 years ago

If your certificate is in a PFX (PKCS#12) file rather than separate cer, key or crt files, you will need to convert it before uploading it to CloudFront or AWS. CloudFront also offers no easy way to upload a certificate, so you have to use the command line tools to upload it.

You will need OpenSSL for Windows, which can be downloaded here: http://slproweb.com/products/Win32OpenSSL.html, and the AWS Command Line Tools, which can be downloaded here: http://aws.amazon.com/cli/

Extract the private key from the PFX

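openssl pkcs12 -in {site}.pfx -nocerts -nodes -passin pass:{password} | openssl rsa -out {site}.key

The -nodes option writes the private key unencrypted, so keep {site}.key in a folder only you can read and delete it once the upload has succeeded.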

Extract the certificate (which carries the public key) from the PFX

openssl pkcs12 -in {site}.pfx -clcerts -nokeys -passin pass:{password} | openssl x509 -out {site}.cer

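Extract the chain bundle from the PFX

openssl pkcs12 -in {site}.pfx -nodes -nokeys -cacerts -passin pass:{password} | openssl x509 -out bundle.crt

openssl x509 has no -chain option and writes only the first certificate it reads, so if the PFX holds more than one CA certificate, check that bundle.crt contains all of them.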

Upload the private key, certificate and chain bundle to CloudFront. There must be no space after file://, and the path has to start with /cloudfront/ for the certificate to show up in CloudFront.

aws iam upload-server-certificate --server-certificate-name {site} --certificate-body file://{site}.cer --private-key file://{site}.key --certificate-chain file://bundle.crt --path /cloudfront/{site}/

You should now see your new certificate in CloudFront.
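
As an added example (not part of the original post), these shell functions check the three extracted files before the upload: the key matches the certificate, the bundle keeps every CA certificate, and no private key has leaked into the files passed as certificate or chain. It assumes a POSIX shell (for example Git Bash or WSL on Windows); the function names and the PFX_PASS environment variable are illustrative.

```shell
#!/bin/sh
# Added example; function names and PFX_PASS are illustrative, not from the post.

# Keep only the PEM certificate blocks from a file (or stdin), dropping the
# "Bag Attributes" text openssl pkcs12 prints. Every certificate is kept:
#   openssl pkcs12 -in {site}.pfx -nokeys -cacerts -passin env:PFX_PASS | pem_certs > bundle.crt
pem_certs() {
    awk '/^-----BEGIN CERTIFICATE-----/ { keep = 1 }
         keep                           { print }
         /^-----END CERTIFICATE-----/   { keep = 0 }' "$@"
}

# Print how many certificates a PEM file holds.
cert_count() {
    awk '/^-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# Succeed if the file contains any kind of PEM private key block.
has_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Succeed only if the key and the certificate carry the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Run all checks; usage: check_upload_files KEY CERT BUNDLE
check_upload_files() {
    has_private_key "$1" || { echo "no private key in $1" >&2; return 1; }
    for f in "$2" "$3"; do
        if has_private_key "$f"; then
            echo "private key found in $f, do not upload it" >&2; return 1
        fi
    done
    [ "$(cert_count "$2")" -eq 1 ] || { echo "$2 must hold exactly one certificate" >&2; return 1; }
    [ "$(cert_count "$3")" -ge 1 ] || { echo "$3 holds no CA certificate" >&2; return 1; }
    key_matches_cert "$1" "$2" || { echo "key does not match $2" >&2; return 1; }
}

# Stand-alone use: sh check.sh {site}.key {site}.cer bundle.crt
if [ "$#" -eq 3 ]; then
    check_upload_files "$@" && echo "files are consistent, ready to upload"
fi
```

Reading the PFX password with -passin env:PFX_PASS keeps it out of the command line and shell history.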
