Having trouble associated SSL cert with Amazon Cloudfront

Question

I\'m trying to associate a custom SSL certificate with Cloudfront. I uploaded it to IAM with the cert, privatekey, and chain. I gave it an upload path of /cloudfront.

<

Answer 1

So I figured out the problem!

DNSimple by default makes you a 2432 bit key, which is larger than the max size of 2048bit that Amazon allows. If you want to test the size of your key and cert, run the following:

Private Key:

openssl rsa -in private.key -text -noout

Example: Private-Key: (2048 bit)

Cert:

openssl x509 -in public.cert -text -noout

Example output: Public-Key: (2048 bit)

The output of each command will tell you how many bits it is. If you bought a SSL cert from DNSimple, you can message them and they can reauthorize your cert/key with a different size.

After doing this, associating your cert with your Cloudfront distribution should work.

Answer 2

Also got this error, and spent more time than I'd like trying to work out why it was failing (key size over 2048, cert chain etc).

I was attempting to use an IAM cert when creating the distribution through Terraform (specifying iam_certificate_id). Having looked at the AWS web interface for creating a distribution, there's no option to enter IAM cert Id, and it appears to only allow ACM certs. Has support for IAM certificates now been dropped (doesn't seem to be available on AWS console)?

When using ACM cert instead of IAM cert it worked fine for me.