
I am trying to create a self-signed certificate using OpenSSL, following the docs: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-ssl.html

I tried to add the generated private and public PEM files to my NLB TCP listener as a self-signed certificate, and it is failing with the below exception.

Error creating listener The imported certificate's configuration is not compatible and will not appear in the list of available certificates for your listeners. Select or upload a different certificate and try again.

I saw that NLB allows RSA 2048 certs. Not sure why the console is showing the error display.

  • We cannot tell with the current question how you tried to upload. But beside that, this doesn't seem to be directly related to programming. What about [sf] or [su]? If you ask there, please include what you are doing precisely. – Maarten Bodewes Mar 28 '21 at 00:18

1 Answer


You need to generate an RSA 1024 or 2028 certificate. Check the valid certificates that ACM supports. I used the below commands to generate the self-signed certificate:

openssl genrsa -out private-key.pem 1024

openssl rsa -in private-key.pem -pubout -out public-key.pem

openssl req -new -x509 -key private-key.pem -out cert.pem -days 3600

Mention the country, state and domain name. I initially missed the domain name, because of which the NLB listener wasn't accepting the certificate.
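
A pre-import check for the two points raised on this page (the RSA 2048 key size from the question and the domain name in the subject from the answer), as an added example that is not part of the original answer. The domain `nlb.example.com`, the subject values and the function names `make_cert` and `check_cert` are constructed placeholders.

```shell
#!/bin/sh
# Added example: create a self-signed RSA 2048 certificate without prompts,
# then verify it locally before uploading. Subject values are placeholders.

make_cert() {   # usage: make_cert <domain> <outdir>
    domain=$1; dir=$2
    openssl genrsa -out "$dir/private-key.pem" 2048 2>/dev/null || return 1
    # -subj supplies country, state and domain (CN) so none can be skipped
    openssl req -new -x509 -key "$dir/private-key.pem" -out "$dir/cert.pem" \
        -days 365 -subj "/C=US/ST=State/CN=$domain" 2>/dev/null
}

check_cert() {  # usage: check_cert <domain> <outdir>; returns 0 if all checks pass
    domain=$1; dir=$2
    text=$(openssl x509 -in "$dir/cert.pem" -noout -text) || return 1

    # 1. Key algorithm and size
    printf '%s\n' "$text" | grep -q 'rsaEncryption' ||
        { echo "key is not RSA" >&2; return 1; }
    printf '%s\n' "$text" | grep -q 'Public-Key: (2048 bit)' ||
        { echo "key is not 2048 bit" >&2; return 1; }

    # 2. Domain name present as the subject CN
    openssl x509 -in "$dir/cert.pem" -noout -subject -nameopt RFC2253 |
        grep -qF "CN=$domain" ||
        { echo "subject CN is not $domain" >&2; return 1; }

    # 3. Private key belongs to this certificate (same RSA modulus)
    cert_mod=$(openssl x509 -in "$dir/cert.pem" -noout -modulus)
    key_mod=$(openssl rsa -in "$dir/private-key.pem" -noout -modulus 2>/dev/null)
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ] ||
        { echo "private key does not match certificate" >&2; return 1; }
}

# Stand-alone run: generate into a temporary directory and verify.
out=$(mktemp -d)
if make_cert nlb.example.com "$out" && check_cert nlb.example.com "$out"; then
    echo "OK: $out/cert.pem and $out/private-key.pem passed all checks"
fi
```
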