Ask a Question

Solution ID : SO21761

  • Thawte

Error: "Invalid Public Key Certificate" when installing certificate on Amazon Web Service (AWS) - Amazon EC2

Problem

When installing an SSL certificate into Amazon Web Service (AWS) - Amazon EC2 device, you may receive the following error message.

Error: Invalid Public Key Certificate.

Cause

This problem may occur on Amazon Web Service (AWS) - Amazon EC2 device when any of the following conditions are true.
  • Thawte Intermediate CA bundle certificate is not installed on Amazon Web Service (AWS) - Amazon EC2 device
  • Thawte Intermediate CA bundle certificate is installed on Amazon Web Service (AWS) - Amazon EC2 device but the CA bundle required needs to be installed in reversed order

Solution

To resolve the error from installing Thawte ssl certificate using Amazon Web Service (AWS) - Amazon EC2 device, perform the following steps.

Step 1: Download Intermediate CA Bundle Certificate

To download the Intermediate CA bundle certificate, refer to article AR1384

When viewing the CA bundle you will see two certificates stacked on top of each other. These two certificates will need to be switched. The top certificate needs to be placed on the bottom and the bottom certificate needs to be placed on top.

Example:
 

-----BEGIN CERTIFICATE----
Primary Intermediate CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Secondary Intermediate CA
-----END CERTIFICATE-----

Needs to be switched to..

-----BEGIN CERTIFICATE-----
Secondary Intermediate CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Primary Intermediate CA
-----END CERTIFICATE-----
 

You can then copy and paste the file contents into a notepad and save the file with a .pem extension.
 

Step 2: Installation of SSL & Intermediate CA Bundle Certificate

The Thawte certificate will be sent by email. If the certificate is included as an attachment (Cert.cer), you may use the file. If the certificate is imbedded in the body of the email, copy and paste it into a text file (save as cert.pem) using Vi or Notepad. Do not use Microsoft Word or other word processing programs that may add characters. Confirm that there are no extra lines or spaces in the file.

The text file should look like:

-----BEGIN CERTIFICATE-----

[encoded data]

-----END CERTIFICATE-----

Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.

If you need to download the certificate from your account

To obtain a copy of your SSL certificate in X.509 pem format from Thawte Certificate Center (TCC) or Thawte Certificate Center Enterprise (TCCE), refer to solution SO13187


Use the iam-servercertupload command to upload your Thawte signed certifcate and CA bundle file.

  • On Linux and Unix Computers, enter the following command:

    & ./iam-servercertupload -b public_key_certificate_file  -c certificate_chain_file -k privatekey.pem -s certificate_object_name
     
  • On Windows computers, enter the following command:

    c:\ iam-servercertupload -b public_key_certificate_file  -c certificate_chain_file -k privatekey.pem -s certificate_object_name
     

Step 3: Verify Certificate Installation

Use the iam-servercertgetattributes command to verify the certificate installation

  • On Linux and UNIX computers, enter the following command:

    & ./iam-servercertgetattributes -s certificate_object_name
     
  • On Windows computers, enter the following command:

    c:\ iam-servercertgetattributes -s certificate_object_name


For more detailed documentation regarding Amazon Web Service (AWS) - Amazon EC2 please reference the following article:
http://docs.aws.amazon.com/IAM/latest/UserGuide/InstallCert.html#UploadSignedCertDiscussion\