Take the PKCS#12 (.pfx) file that you exported from Windows MMC or wherever, get yourself OpenSSL and run:

Public key:

openssl pkcs12 -in mycert.pfx -clcerts -nokeys -out publickey.txt

Open up publickey.txt and trim anything before the line:


Private key:

openssl pkcs12 -in mycert.pfx -nocerts -nodes -out privatekey.txt

Open up privatekey.txt and trim anything before the line:



Certificate chain:

openssl pkcs12 -in mycert.pfx -nodes -nokeys -cacerts -out chain.txt

Open up chain.txt and trim anything outside the lines:


Then, if you have multiple certificates, reverse the order of the certificate blocks (i.e. move the top certificate to the bottom).
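The trimming and reordering steps above can be scripted instead of done by hand in an editor. The following is an added example, not part of the original instructions; the function names and the raw_*.txt intermediate files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the
# raw_*.txt intermediate files are hypothetical.

# Keep only PEM blocks (BEGIN line through END line), dropping the
# "Bag Attributes", subject= and issuer= text openssl writes around them.
pem_only() {
  awk '/^-----BEGIN [A-Z0-9 ]+-----/ { keep = 1 }
       keep                          { print }
       /^-----END [A-Z0-9 ]+-----/   { keep = 0 }' "$@"
}

# Reverse the order of the PEM blocks (top block moves to the bottom).
reverse_pem_blocks() {
  pem_only "$@" | awk '
    /^-----BEGIN / { n++ }
    { block[n] = block[n] $0 "\n" }
    END { for (i = n; i >= 1; i--) printf "%s", block[i] }'
}

# Number of PEM blocks in the input, for a quick sanity check.
count_pem_blocks() {
  pem_only "$@" | awk '/^-----BEGIN / { n++ } END { print n + 0 }'
}

# Run the three openssl commands from the page, then trim and reorder.
pfx_to_iam_files() {
  (
    umask 077   # -nodes leaves the private key unencrypted: owner-only files
    openssl pkcs12 -in "$1" -clcerts -nokeys -out raw_cert.txt &&
    openssl pkcs12 -in "$1" -nocerts -nodes -out raw_key.txt &&
    openssl pkcs12 -in "$1" -nodes -nokeys -cacerts -out raw_chain.txt &&
    pem_only raw_cert.txt > publickey.txt &&
    pem_only raw_key.txt > privatekey.txt &&
    reverse_pem_blocks raw_chain.txt > chain.txt
    status=$?
    rm -f raw_cert.txt raw_key.txt raw_chain.txt
    exit "$status"
  )
}
```

Run `pfx_to_iam_files mycert.pfx` in the directory you will upload from, and delete privatekey.txt once the upload has succeeded.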

Next you need to use the AWS CLI to upload your certificate:

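With the CLI in your PATH, from the same directory (important, because the file:// paths are relative) as the three certificate files, run the following, replacing YOUR_CERT_NAME with the name you want the certificate stored under:

aws iam upload-server-certificate --server-certificate-name YOUR_CERT_NAME --certificate-body file://publickey.txt --private-key file://privatekey.txt --certificate-chain file://chain.txt --path /cloudfront/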

You can add --debug for mildly useful error messages.