An error occurred (ValidationException) when calling the ImportCertificate operation: The private key is not supported

4
votes

I am using the AWS CLI in order to import a certificate to region us-east-1, like so:

aws acm import-certificate --certificate cert.crt --private-key private.key --certificate-chain chain.crt --profile prof --region us-east-1

This has worked in the past for other certs, however I recently started seeing the following error:

An error occurred (ValidationException) when calling the ImportCertificate operation: The private key is not supported.

I have checked that the private key indeed matches the certificate via openssl, so I am quite lost as to what might be the issue here.

openssl rsa -in private.key -check

yields

RSA key ok

What could be the issue?

2
amazon-web-servicesaws-cli

2 Answers

8
votes

I just ran into this as well and found a hint elsewhere that suggested prefixing your file with "file://". Worked for me. Give it a try:

aws acm import-certificate --certificate file://cert.crt --private-key file://private.key --certificate-chain file://chain.crt --profile prof --region us-east-1
0
votes

In MAC OS, we need to prefix with file:///, triple / slash instead of two.

aws acm import-certificate --certificate "file:///cert.crt" --private-key "file:///private.key" --certificate-chain "file:///chain.crt" --profile prof --region us-east-1