An AWS Educate Starter Account on Amazon's cloud service does not support importing SSL certificates from the control panel, so the command line is required. The process is as follows:
wget https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip
unzip awscli-exe-linux-x86_64.zip
bash aws/install
The message "You can now run: /usr/local/bin/aws --version" indicates that the installation succeeded.
Get access_key:
After logging in to the console, open AWS Account.
In the /root folder:
mkdir .aws
vi .aws/credentials
[default]
aws_access_key_id=
aws_secret_access_key=
aws_session_token=
The key is only valid for 3 hours at a time. If it times out, you need to repeat the operation to obtain a new key.
Upload certificate:
Assume that the certificate is public_key_cert_file.pem, the key is my_private_key.pem, and the certificate chain is my_certificate_chain_file.pem, then the command to upload the certificate is:
aws iam upload-server-certificate --path /cloudfront/aws/ --server-certificate-name myServerCertificate --certificate-body file://public_key_cert_file.pem --private-key file://my_private_key.pem --certificate-chain file://my_certificate_chain_file.pem
A JSON response indicates that the upload was successful.
Parameter description:
--path: Certificate path (on AWS)
--server-certificate-name: Certificate name
--certificate-body: The complete file path of the certificate public key (add file:// before the path, such as file:///root/public_key_cert_file.pem)
--private-key: The complete file path of the certificate private key (add file:// before the path)
--certificate-chain: The complete file path of the certificate chain (add file:// before the path)
For certificates with a .crt extension, just change the extension to .pem. The certificate chain must be split out into its own file and cannot be included in the public key certificate file.
Other commands:
List certificates:
aws iam list-server-certificates
Delete the specified certificate:
aws iam delete-server-certificate --server-certificate-name www.www.net
Certificate upload error
Error message: com.amazonaws.services.cloudfront.model.InvalidViewerCertificateException: The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain.
Cause analysis: The certificate must be 2048 bits or less. Let's Encrypt defaults to 3072 bits.
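An added example (not part of the original article): a bash pre-upload check for the two failure causes described above, a chain bundled into the certificate file and a key larger than 2048 bits, plus a check that the private key matches the certificate. It assumes openssl is installed; the function names are this example's own.

```shell
#!/usr/bin/env bash
# Added example: local checks to run before `aws iam upload-server-certificate`.
# Function names are this example's own; openssl is assumed to be installed.

# Count the PEM certificates in a file (prints 0 when there are none).
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Print the public key size, in bits, of the first certificate in a file.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit.*/\1/p' | head -n 1
}

# usage: check_upload_files CERT KEY CHAIN
# Returns 0 when every check passes; 2 to 5 identify the check that failed.
check_upload_files() {
    local cert="$1" key="$2" chain="$3" bits
    [ "$(count_certs "$cert")" -eq 1 ] || {
        echo "$cert: must hold exactly one certificate; put the chain in its own file" >&2
        return 2; }
    [ "$(count_certs "$chain")" -ge 1 ] || {
        echo "$chain: no certificate found in the chain file" >&2
        return 3; }
    bits=$(cert_key_bits "$cert")
    { [ -n "$bits" ] && [ "$bits" -le 2048 ]; } || {
        echo "$cert: key is ${bits:-unreadable} bits; the limit given above is 2048" >&2
        return 4; }
    [ "$(openssl x509 -in "$cert" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] || {
        echo "$key: private key does not match $cert" >&2
        return 5; }
}

# When run as a script with three file arguments, perform the checks.
if [ "$#" -eq 3 ]; then check_upload_files "$@"; fi
```

Run it with the three files in the same order as the upload command: certificate, private key, chain. A non-zero exit status means the upload should not be attempted with those files.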