I'm having a bit of trouble converting a Trustwave certificate for importing into AWS. I've received a password-protected PFX and have run these commands and entered the correct password prompts at every step:

    openssl pkcs12 -in cert.pfx -nocerts -out key.pem
    openssl rsa -in key.pem -out server.key
    openssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.pem
    openssl pkcs12 -in cert.pfx -nodes -nokeys -out chain.pem

Once I do that I get four files and plug them into AWS Certificate Manager like so:
server.key (Certificate Private Key)
cert.pem (Certificate Body)
chain.pem (Certificate Chain)
key.pem (Not used, but generated by the second command)
When I import, AWS complains with: "Could not validate the certificate with the certificate chain. Choose Previous button below and fix it."
So I attempted downloading the Trustwave root cert at https://ssl.trustwave.com/support/support-root-download.php (Domain validation > Download Root Certificate).
I've attempted changing the chain to be a combination of chain.pem as well as stca.crt (the Root Cert supplied). Can't seem to get the right combination and am trying to understand how this works properly.
One thing I noticed is that the chain.pem and cert.pem have this appended at the top of the exported files:

    Bag Attributes
        localKeyID: 01 00 00 00
        friendlyName: ***************
    subject=/CN=*************.com/O=*****************/L=Richmond/ST=British Columbia/C=CA
    issuer=/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Organization Validation SHA256 CA, Level 1/emailAddress=ca@trustwave.com

Do those details matter, and if so, what do they mean and how do I fix it?
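
An added example, not part of the original post: the fourth command above has neither -clcerts nor -cacerts, so openssl writes every certificate in the PFX to chain.pem, the leaf included, each preceded by its Bag Attributes text. The script below splits the PFX into key, leaf and CA chain, strips the attribute text, and checks that the three files are consistent before they are imported anywhere. The function names and the PFX_PASS environment variable are assumptions of this example; the file names follow the question.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). File names follow the question;
# function names and the PFX_PASS variable are this example's own assumptions.

# Keep only PEM blocks: drops "Bag Attributes", subject= and issuer= lines.
pem_only() { sed -n '/^-----BEGIN /,/^-----END /p'; }

cert_count() { grep -c '^-----BEGIN CERTIFICATE-----' "$1"; }

# split_pfx <pfx> [outdir]: writes server.key, cert.pem, chain.pem.
# The password is read from $PFX_PASS so it never appears in the process list.
split_pfx() {
  local pfx=$1 out=${2:-.}
  ( umask 077   # the unencrypted key must not be readable by other users
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes |
      pem_only > "$out/server.key" )
  # -clcerts: only the certificate that belongs to the private key (the leaf)
  openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys |
    pem_only > "$out/cert.pem"
  # -cacerts: only CA certificates, so the leaf is not repeated in the chain
  openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -cacerts -nokeys |
    pem_only > "$out/chain.pem"
}

# check_split <dir>: returns 0 when the three files are consistent.
check_split() {
  local d=$1
  [ "$(cert_count "$d/cert.pem")" = 1 ] ||
    { echo "cert.pem must hold exactly one certificate" >&2; return 1; }
  [ "$(cert_count "$d/chain.pem")" -ge 1 ] ||
    { echo "chain.pem holds no CA certificate" >&2; return 1; }
  # First base64 line covers the serial number; it must not recur in the chain.
  if grep -qxF -- "$(sed -n 2p "$d/cert.pem")" "$d/chain.pem"; then
    echo "chain.pem contains the leaf certificate" >&2; return 1
  fi
  # The key must match the leaf: compare the two public keys.
  [ "$(openssl pkey -in "$d/server.key" -pubout)" = \
    "$(openssl x509 -in "$d/cert.pem" -noout -pubkey)" ] ||
    { echo "server.key does not match cert.pem" >&2; return 1; }
  # The leaf must verify against a certificate in chain.pem (root not required).
  openssl verify -partial_chain -CAfile "$d/chain.pem" "$d/cert.pem" >/dev/null
}

if [ "$#" -ge 1 ]; then split_pfx "$@" && check_split "${2:-.}"; fi
```

The output directory must already exist, and PFX_PASS must be exported before the call.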