Upload Signing Certificate for AWS IAM User

To create a private key

At the command line, use the openssl genrsa command with the following syntax:

#openssl genrsa 1024 > private-key.pem

If you will be using the certificate to authenticate CLI commands for Auto Scaling, CloudWatch, or Elastic Load Balancing, convert the private key to PKCS8 format using the following command:
#openssl pkcs8 -topk8 -nocrypt -inform PEM -in private-key.pem -out private-key-in-PKCS8-format.pem

Create the User Signing Certificate
You can now create a user signing certificate.

To create a user signing certificate
Use the openssl req command and the following syntax:
#openssl req -new -x509 -nodes -sha1 -days 365 -key private-key.pem -outform PEM > certificate.pem

Because you’re creating a user signing certificate (not a server certificate), you can leave all the values blank when you’re prompted. These values are used by the Certificate Authority (CA) to help authenticate the server certificate. However, because user signing certificates are uploaded in an authenticated session, AWS does not need any information in the certificate for further validation, and requires only the public-private key pair.

The .pem file contains the certificate value that you can copy and paste during the upload procedure that follows.
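
The steps above can be run without prompts and followed by a check that the certificate and both key files carry the same public key before anything is uploaded. This is an added example, not part of the original post; the function names, the output filename private-key-pkcs8.pem, the -subj value and the 2048/sha256 defaults are assumptions of the example (the post's commands use 1024 and -sha1).

```shell
#!/bin/sh
# Added example: names, defaults and the subject value are constructed.

# make_signing_cert DIR [BITS] [DIGEST]
# Runs the three openssl steps from the post non-interactively inside DIR.
make_signing_cert() {
    (
        dir=$1; bits=${2:-2048}; digest=${3:-sha256}
        umask 077    # key files are created readable by the owner only
        mkdir -p "$dir" && cd "$dir" || exit 1
        # Step 1: RSA private key
        openssl genrsa "$bits" > private-key.pem 2>/dev/null || exit 1
        # Step 2: unencrypted PKCS8 copy of the same key
        openssl pkcs8 -topk8 -nocrypt -inform PEM \
            -in private-key.pem -out private-key-pkcs8.pem || exit 1
        # Step 3: self-signed certificate; -subj replaces the prompts
        openssl req -new -x509 -nodes "-$digest" -days 365 \
            -key private-key.pem -subj "/CN=example-signing-cert" \
            -outform PEM > certificate.pem || exit 1
    )
}

# cert_matches_key CERT KEY
# Succeeds only if CERT was issued for the public half of KEY.
# Returns 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# cert_is_current CERT
# Succeeds if CERT has not yet passed its notAfter date.
cert_is_current() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}
```

Only certificate.pem is pasted into the upload form; the two private key files stay on the machine that signs requests.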

