Uploading a Server Certificate

You can upload a server certificate in Elastic Identity Management (EIM) that you can then use with a load balancer listener to enable SSL termination.

This certificate must be in the x509 format. You need to provide:

  • The certificate itself

  • The chain of intermediate certification autorities if your certificate is not signed by a root one

  • The corresponding private key, which must not be protected by a password or a passphrase

All these elements must be PEM-encoded.

Uploading a Server Certificate Using Cockpit

  1. Click Services > Load Balancers.

  2. Click Manage Certificates .
    The MANAGE CERTIFICATES dialog box appears.

  3. Click Upload new certificate .

  4. Specify the information for the ceritifcate to upload:

    • In the Certificate Name field, type the name for the certificate, which must be unique.

    • In the Certificate section, click Choose file and select the file corresponding to your PEM-encoded x509 certificate.

    • In the Private Key section, click Choose file and select the file corresponding to the PEM-encoded private key matching the certificate.

    • (optional) In the Certificate Chain section, click Choose file and select the file corresponding to the concatenation of your PEM-encoded x509 certificate.

      Ensure you selected the All files option to display all file formats.

      The following x509 certificate formats are supported: x509, PEM, CER, CRT, CSV, RSA, and TXT.

  5. Click Upload.
    The certificate is uploaded and appears in the MANAGE CERTIFICATES dialog box.

Uploading a Server Certificate Using AWS CLI

To upload a server certificate in EIM, use the upload-server-certificate command following this syntax:

Request sample
$ aws iam upload-server-certificate \
    --profile YOUR_PROFILE \
    --certificate-body file://certificate.pem \
    --certificate-chain file://certificate_chain.pem \
    --path /division/subdivision \
    --private-key file://private_key.pem \
    --server-certificate-name my-server-certificate \
    --endpoint https://eim.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

  • (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.

  • certificate-body: The PEM-encoded X509 certificate.

  • (optional) certificate-chain: The PEM-encoded chain of intermediate certification authorities.

  • (optional) path: The path to the server certificate, set to a slash (/) if not specified.

  • private-key: The PEM-encoded private key matching the certificate.

  • server-certificate-name: The name for the certificate, which must be unique.

  • endpoint: The endpoint corresponding to the Region you want to send the request to.

The upload-server-certificate command returns the following elements:

  • ServerCertificateMetadata: The metadata of the uploaded server certificate. This element contains the following information:

    • Arn: The OUTSCALE Resource Name (ORN) of the server certificate.

    • Path: The path to the server certificate.

    • ServerCertificateId: The ID of the server certificate, generated by EIM.

    • ServerCertificateName: The name of the server certificate.

Result sample
{
    "ServiceCertificateMetadata":
                               {
                                "Arn": "my_load_balancer_1234567890.lbu.eu-west-2.outscale.com",
                                "Path": "/division/subdivision",
                                "ServerCertificateId": "ABCDEFGHIJK1L2MNOPQRS",
                                "ServerCertificateName": "my-server-certificate",
                               }
}

The server certificate is uploaded

Related Pages

Corresponding API Method

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.