mv/aws-x509.md

Created November 30, 2012 19:25

Star (1) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/mv/4177939.js"></script>
Save mv/4177939 to your computer and use it in GitHub Desktop.

Download ZIP

AWS x509 SelfSigned User Certificate

Raw

aws-x509.md

X.509 self-signed key

1. Generate Private key

# create private key
openssl genrsa -des3 -out pk.encrypted.key 2048

# Remove passphrase from encrypted key
openssl rsa -in pk.encrypted.key -out pk.key

# Name private key using AWS name
cp pk.key pk-user-aws.pem

2. Generate a Certificate Signing Request (CSR)

# from the private key, generate a CSR
openssl req \
    -subj '/C=COUNTRY/ST=STATE/L=CITY/O=ORGANIZATION/OU=TEAM/CN=YOURNAMEHERE/emailAddress=YOUREMAIL@HERE' \
    -new -key pk.key -out cert.csr

# using the CSR, create a self-signed key
openssl x509 -req -days 365 \
    -signkey pk.key \
    -in  cert.csr   \
    -out cert.crt

# Name certificate using AWS name
cp cert.crt cert-user-aws.pem

3. Use the keys

# copy keys to $HOME/.ec2/
cp *pem /home/user/.ec2/

# Upload certifate (i.e., public part of your key) to AWS console IAM
# cert-*.pem

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment