4

I have generated a CSR and a private key with the following command:

openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out myserver.csr

For the last 3 years, when I did that, I obtained a proper private key in the following format:

BEGIN RSA PRIVATE KEY
...
END RSA PRIVATE KEY

This format is valid for Amazon and the key was accepted so far.

I had to renew the same certificate so I recreated the key and the CSR on a new EC2 instance with Ubuntu 12.04.

The same command created a private key in the following format:

BEGIN PRIVATE KEY
...
END PRIVATE KEY

The format is no longer valid for Amazon although the key and the certificate are valid for web servers (Nginx, Tomcat).

So, why has the behavior changed? Do I have to generate a private key with an older version of OpenSSL, or is an option available?

Yannick Chaze
  • When you say: "The format is no longer valid for Amazon", how did you come to that conclusion? What error message do you get? – David Levesque Mar 15 '13 at 15:05
  • The official documentation specifies the format for accepted certificates and keys. See http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/US_UpdatingLoadBalancerSSL.html – Yannick Chaze Mar 15 '13 at 15:44
  • Ok I see now. The last answer to this question suggests a way to convert the file, maybe you can try that: http://stackoverflow.com/questions/9678202/why-different-private-key-strings-under-linux-or-windows – David Levesque Mar 15 '13 at 16:35

1 Answer

2

Run the following to convert the key into an AWS-compatible format:

openssl rsa -in myserver.key > myserver.key.pem

Vinay Sahni
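What separates the two headers in the question, as an added example that is not part of the original question or answer: a "BEGIN PRIVATE KEY" file is a PKCS#8 PrivateKeyInfo wrapper whose OCTET STRING holds the same RSAPrivateKey structure that a "BEGIN RSA PRIVATE KEY" (PKCS#1) file stores directly, so converting means unwrapping, not generating a new key. The function names and the toy key below are constructed for illustration.

```python
import base64, re, textwrap

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def tlv(tag, body):
    """DER-encode one element with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def der_int(v):
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def read_tlv(buf, pos=0):
    """Return (tag, body, next_pos) for the DER element starting at buf[pos]."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def pem(label, der):
    b64 = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

def to_traditional(pem_text):
    """Unwrap an unencrypted PKCS#8 RSA key into PKCS#1 PEM."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        raise ValueError("no PEM block found")
    label, der = m.group(1), base64.b64decode(m.group(2))
    if label == "RSA PRIVATE KEY":
        return pem_text  # already PKCS#1, nothing to unwrap
    if label != "PRIVATE KEY":
        raise ValueError("unsupported PEM label: " + label)
    _, info, _ = read_tlv(der)          # PrivateKeyInfo SEQUENCE
    _, _version, p = read_tlv(info)     # version INTEGER
    _, alg, p = read_tlv(info, p)       # AlgorithmIdentifier SEQUENCE
    _, oid, _ = read_tlv(alg)           # algorithm OID
    tag, inner, _ = read_tlv(info, p)   # OCTET STRING holding RSAPrivateKey
    if oid != RSA_OID or tag != 0x04:
        raise ValueError("not an RSA PKCS#8 key")
    return pem("RSA PRIVATE KEY", inner)

# Constructed toy RSAPrivateKey (textbook p=61, q=53): valid structure, not a usable key.
PKCS1 = tlv(0x30, b"".join(der_int(v) for v in (0, 3233, 17, 2753, 61, 53, 53, 49, 38)))
PKCS8 = tlv(0x30, der_int(0) + tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b"")) + tlv(0x04, PKCS1))
```

Calling `to_traditional(pem("PRIVATE KEY", PKCS8))` returns the PKCS#1 PEM of the same key; because the result is still an unencrypted private key, it needs the same file permissions and handling as the original.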