To create a private key
At the command line, use the openssl genrsa command with the following syntax:
#openssl genrsa 1024 > private-key.pem
If you will be using the certificate to authenticate CLI commands for Auto Scaling, CloudWatch, or Elastic Load Balancing, generate the certificate in PKCS8 format using the following command:
#openssl pkcs8 -topk8 -nocrypt -inform PEM -in private-key.pem -out private-key-in-PCKS8-format.pem
Create the User Signing Certificate
You can now create a user signing certificate.
To create a user signing certificate
Use the openssl req command and the following syntax:
#openssl req -new -x509 -nodes -sha1 -days 365 -key private-key.pem -outform PEM > certificate.pem
Because you’re creating a user signing certificate (not a server certificate), you can leave all the values blank when you’re prompted. These values are used by the Certificate Authority (CA) to help authenticate the server certificate. However, because user signing certificates are uploaded in an authenticated session, AWS does not need any information in the certificate for further validation, and requires only the public-private key pair.
The .pem file contains the certificate value that you can copy and paste during the upload procedure that follows.