Let me explain my question first. I bought a certificate from a CA and used the following format to generate the csr and the private key:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
When I open the server.key file, I see that it begins with "-----BEGIN PRIVATE KEY-----"
I use the SSL cert on my server and everything looks fine.
Now I want to upload the same cert to AWS IAM so that I can use it for by beanstalk load balancer. I use the following command from this aws doc http://docs.aws.amazon.com/IAM/latest/UserGuide/InstallCert.html#SubmitCSRCertAuth
iam-servercertupload -b public_key_certificate_file -k privatekey.pem -s certificate_object_name
I change the cert file names as required but keep getting this error: "400 MalformedCertificate Invalid Private Key."
The interesting thing is, on the aws doc page, the sample private key that they show starts with "-------Begin RSA Private Key--------"
Is there a way to convert my private key to an RSA private key using openssl?
Newer versions of OpenSSL say BEGIN PRIVATE KEY
because they contain the private key + an OID that identifies the key type (this is known as PKCS8 format). To get the old style key (known as either PKCS1 or traditional OpenSSL format) you can do this:
openssl rsa -in server.key -out server_new.key
If you are using OpenSSL 3, you need to add -traditional
:
openssl rsa -in server.key -out server_new.key -traditional
Alternately, if you have a PKCS1 key and want PKCS8:
openssl pkcs8 -topk8 -nocrypt -in privkey.pem