I'm trying to use the aws-sdk-ruby to import Certificates to ACM. However, when I try to use the Aws::ACM::Client#import_certificate using either of the following methods, the stack trace tells me my private key is not 1024 or 2048. If that were the case Entrust wouldn't have signed my Certificate. I also told the openssl program to generate as 2048.
The Error Message
The private key is not supported. Only RSA 1024-bit and 2048-bit private keys are allowed.
First code example
def acm_upload(options)
  require 'aws-sdk'
  # Region and profile come from the environment, with fallbacks.
  @aws_region = ENV['AWS_REGION'] || ENV['AWS_DEFAULT_REGION'] || 'us-west-2'
  @aws_profile = ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default'
  acm = Aws::ACM::Client.new(region: @aws_region, profile: @aws_profile)
  begin
    puts '=> Uploading Key, Cert, and Chain to ACM.'
    aws_response = acm.import_certificate({
      certificate: options[:cert_name],
      private_key: options[:key_name],
      certificate_chain: options[:chain_name],
    })
  rescue Aws::ACM::Errors::ServiceError => e
    puts 'An AWS ACM Service Error has occurred.'
    raise e.message
  rescue Aws::Errors::ServiceError => e
    puts 'An AWS Error has occurred.'
    raise e.message
  end
  puts aws_response
end

# First attempt: pass the file paths as strings.
acm_upload({
  cert_name: './ssl/certificate/signed_cert.crt',
  key_name: './ssl/key/private_key.pem',
  chain_name: './ssl/chains/cert_chain.crt'
})
The first method call says my key is not 2048-bit. Then the second method call does as well:
# Second attempt: pass the file contents.
acm_upload({
  cert_name: File.read('./ssl/certificate/signed_cert.crt'),
  key_name: File.read('./ssl/key/private_key.pem'),
  chain_name: File.read('./ssl/chains/cert_chain.crt')
})
Same error as above. The documentation isn't very clear to me on what it's expecting. It says data, and I figured that was the contents of the certificate file. Has anyone else had this issue before?
I was able to upload the key, certificate, and chain to ACM using the aws Python CLI that they provide using file://.
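A local check of the strings before they are handed to import_certificate, as an added example that is not part of the original post or of aws-sdk-ruby: it uses Ruby's openssl library to confirm that each value parses as key or certificate data, that the key is an RSA private key of a size named in the error message, and that it matches the certificate. The names preflight_import and constructed_sample and the example.test subject are hypothetical, and the key and certificate are generated on the spot as constructed sample input.

```ruby
require 'openssl'

# RSA key sizes named in the error message quoted in the post.
ALLOWED_RSA_BITS = [1024, 2048].freeze

# Hypothetical helper (not part of aws-sdk-ruby): takes the strings that would
# be passed as certificate: and private_key:, returns a list of problems.
def preflight_import(cert_pem, key_pem)
  begin
    # A dummy passphrase keeps OpenSSL from prompting on an encrypted key.
    key = OpenSSL::PKey.read(key_pem, 'no-passphrase')
  rescue OpenSSL::PKey::PKeyError
    return ['private_key does not parse as an unencrypted PEM/DER key ' \
            '(file path instead of file contents, or passphrase-protected?)']
  end
  problems = []
  if !key.is_a?(OpenSSL::PKey::RSA)
    problems << "private_key is #{key.class}, not RSA"
  elsif !key.private?
    problems << 'private_key holds only the public half'
  elsif !ALLOWED_RSA_BITS.include?(key.n.num_bits)
    problems << "RSA modulus is #{key.n.num_bits} bits"
  end
  begin
    cert = OpenSSL::X509::Certificate.new(cert_pem)
  rescue OpenSSL::X509::CertificateError
    return problems << 'certificate does not parse as PEM/DER'
  end
  problems << 'certificate does not match private_key' if problems.empty? && !cert.check_private_key(key)
  problems
end

# Constructed sample: throwaway key plus self-signed certificate (made-up CN).
def constructed_sample(bits = 2048)
  key = OpenSSL::PKey::RSA.new(bits)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=example.test')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert.to_pem, key.to_pem]
end

cert_pem, key_pem = constructed_sample
p preflight_import(cert_pem, key_pem)                     # matching pair
p preflight_import(cert_pem, './ssl/key/private_key.pem') # path, not contents
```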