
Convert PFX SSL Certificate to RSA and PEM

If you already have a signed SSL certificate in the Windows IIS format (.pfx) and need to upload it to an Elastic Load Balancer, you're going to have to change the format of both the key and the cert.


 


1. Download and install OpenSSL utility


An easy way to work with SSL certificates is to use the OpenSSL command-line utility.


You can install this utility with the common package managers:


CentOS:


~> sudo yum install openssl


Debian / Ubuntu:


~> sudo apt-get install openssl


 


2. Export the private key from the pfx file


~> openssl pkcs12 -in myCert.pfx -nocerts -out key.pem


It will prompt you for an Import Password. Enter the password you created when exporting the cert from IIS. OpenSSL then asks you to set a PEM pass phrase, which protects key.pem.


 


3. Remove the password and format the key to RSA


For the Amazon Web Services Elastic Load Balancer, you'll need the key in RSA format and without the password.


~> openssl rsa -in key.pem -out server.key


It will prompt you for a PEM pass phrase. This is the pass phrase protecting key.pem from step 2.


Now the key will be accepted by the ELB.


 


4. Export the certificate file from the pfx file


~> openssl pkcs12 -in myCert.pfx -clcerts -nokeys -out cert.pem


You will be prompted for an Import Password; enter the password you created when exporting the cert from IIS. It will prompt you for a PEM passphrase; enter one if you'd like, then again to confirm it. This will create your cert.pem file, which can be uploaded directly to the ELB.
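Before uploading, it is worth confirming that server.key from step 3 and cert.pem from step 4 belong together and that the now-unprotected key is not readable by other users. The script below is an added example, not part of the original article; the function names and the choice to compare SHA-256 digests of the public keys are this example's own.

```shell
#!/bin/sh
# Added example: pre-upload check for the server.key / cert.pem pair.
# Function names are this example's own, not part of OpenSSL or AWS tooling.

# Hash a PEM public key read from stdin; fail if nothing was read.
digest_pubkey() {
    pub=$(cat)
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Public key derived from a private key file ("pass:" prevents a prompt).
key_pubkey_digest() {
    openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null | digest_pubkey
}

# Public key embedded in a certificate file.
cert_pubkey_digest() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null | digest_pubkey
}

# Usage: check_elb_pair server.key cert.pem  (returns 0 when all checks pass)
check_elb_pair() {
    key=$1; cert=$2; rc=0
    # Step 3 must have removed the passphrase.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "FAIL: $key is still passphrase-protected" >&2
        return 1
    fi
    # The key is now cleartext, so only its owner should be able to read it.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/others (chmod 600 $key)" >&2
        rc=1
    fi
    # The key and the certificate must carry the same public key.
    if kd=$(key_pubkey_digest "$key") && cdg=$(cert_pubkey_digest "$cert") \
        && [ "$kd" = "$cdg" ]; then
        echo "OK: $key matches $cert"
    else
        echo "FAIL: $key does not match $cert" >&2
        rc=1
    fi
    return $rc
}
```

Running the conversion steps under `umask 077` keeps key.pem and server.key owner-only from the moment they are created; delete both local copies once the upload has succeeded.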


Now you're ready to upload these to the ELB.


For instructions on that, see #5 in the following article: https://rbn.zendesk.com/entries/24470516-Creating-and-uploading-a-SSL-certificate-to-Elastic-Load-Balancer
