I can’t upload server certificate on AWS IAM

Tags: amazon ec2, amazon-iam, aws-cli, load balancing, ssl-certificate

I got AWS IAM working on my server, and I am trying to upload some certificates:

aws iam upload-server-certificate --server-certificate-name domain2014 \
  --certificate-body file:///var/www/html/certificate.pem \
  --private-key file:///var/www/html/private-key.pem \
  --certificate-chain file:///var/www/html/ca.pem

I get:

Error parsing parameter '--certificate-body': file does not exist: /var/www/html/certificate.pem

I tried uploading the files from my Mac, and I get the same answer.

Already checked this question but file:// is not missing, and route is OK.

I do have credentials such as:

 AWSAccessKeyId=BKIAJQ1111111111111
 AWSSecretKey=H+2+2mko11111111111111cv+UFuA6

And also a config file. But I honestly don't understand where or how to use it to upload the certificates (after using aws configure I complete the info and then I don't know what to do next).

All this process started yesterday when I completed the process of uploading the load balancer with no issues, but later I realized that the certificate that is actually working is the self-signed one that I had previously on the server (this is the question I posted yesterday).

Edit:

If I try from terminal:

aws iam list-server-certificates

I get:

A client error (AccessDenied) occurred when calling the ListServerCertificates operation: User: arn:aws:iam::999990212999:user/admin is not authorized to perform: iam:ListServerCertificates on resource: arn:aws:iam:: 999990212999:server-certificate/

Edit2:

The AccessDenied problem was related to permissions. You must go to EC2 Management Console -> Administration and Security -> IAM -> Users -> Select the User and go to User Permissions. Select "Attach User Policy". In there, you choose the profile with the attributes that works for you (in my case it was Administrator Access).

Once you update permissions, you can see the certificate (if it was loaded correctly using load balancers or IAM).

Edit3:

I realized that I didn't need to upload the certificate because I already did it with the load balancers. Part of my confusion was that I had to load the certificates with AWS IAM again.

If your certificate is already on the server, the last step is to change your Domain Record Set. If your domain is hosted in AWS, go to Route 53 in the EC2 Management Console and create a record set. It must be a Type A record (not a CNAME), with an alias pointing to your Amazon Load Balancer (check your address in the tab DNS in the panel). The address should be something like:

9999999999.eu-west-1.elb.amazonaws.com

Best Answer

The command is looking for a file that does not exist:

file does not exist: /var/www/html/certificate.pem

Possibly your certificate is not named certificate.pem, or my guess is you don't have a folder named /var/www on your local system where you're running this command (nor on your mac).

You need to put the location of certificate.pem on your local computer after file://
If it's named something other than certificate.pem, put the local file names in the command.

Source:
http://docs.aws.amazon.com/IAM/latest/UserGuide/InstallCert.html#UploadSignedCert
http://docs.aws.amazon.com/cli/latest/reference/iam/upload-server-certificate.html
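
The check below illustrates the answer's point that file:// paths are read on the machine where the AWS CLI runs. It is an added example, not part of the original question or answer; the function name, return codes and the script name preflight.sh are assumptions. It also uses openssl to confirm that the private key belongs to the certificate before anything is uploaded.

```shell
#!/bin/sh
# Added example, not from the original post. The function name, return codes
# and the script name preflight.sh are assumptions made for illustration.
#
# preflight_server_cert CERT KEY [CHAIN]
# Returns 0 = ok, 1 = a file is missing on this machine,
#         2 = file is not a PEM certificate/key, 3 = key does not match cert.
preflight_server_cert() {
    pf_cert=$1
    pf_key=$2
    pf_chain=${3:-}

    # The AWS CLI resolves file:// on the machine where the command runs,
    # so each path must exist here, not only on the remote web server.
    for pf_f in "$pf_cert" "$pf_key" "$pf_chain"; do
        [ -n "$pf_f" ] || continue
        if [ ! -f "$pf_f" ] || [ ! -r "$pf_f" ]; then
            echo "missing or unreadable on $(uname -n): $pf_f" >&2
            return 1
        fi
    done

    # A private key under a web root can be served to anyone who asks for it.
    case $pf_key in
        /var/www/*) echo "warning: private key is inside a web root: $pf_key" >&2 ;;
    esac

    # The public key in the certificate must equal the one derived from the
    # private key, otherwise the pair cannot work together.
    pf_cert_pub=$(openssl x509 -in "$pf_cert" -noout -pubkey 2>/dev/null) || {
        echo "not a PEM certificate: $pf_cert" >&2
        return 2
    }
    pf_key_pub=$(openssl pkey -in "$pf_key" -pubout 2>/dev/null) || {
        echo "not a readable PEM private key: $pf_key" >&2
        return 2
    }
    if [ "$pf_cert_pub" != "$pf_key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 3
    fi
    echo "ok: files exist locally and the key matches the certificate"
}

# Usage: sh preflight.sh certificate.pem private-key.pem [ca.pem]
if [ "$#" -ge 2 ]; then
    preflight_server_cert "$@"
fi
```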