I have created an SSL cert via DigiCert and imported to ACM. (I require the same SSL to be applied to both ALB and the Application, and since there's no way to import ACM certs, I had to follow this way)
I have successfully imported the SSL and can see it in the console. However, I cannot apply it to ALB 443 Listener.
I provided the Cert ARN to the CloudFormation template and it fails, stating that the certificate doesn't exist.
I have tried to manually update the 443 Listener, but the cert is not listed.
Since both failed, I have tried to import the cert in the ALB Listener console, but got the below error message. (However, the certificate gets imported and I can see it in the console.)
Updating listener failed. The imported certificate's configuration is not compatible and will not appear in the list of available certificates for your listeners. Select or upload a different certificate and try again.
Did you check whether the SSL cert key algorithm is supported by the Application Load Balancer? These are the supported Algorithms:
Source: https://aws.amazon.com/premiumsupport/knowledge-center/elb-ssl-tls-certificate-https/
You can check the Key sizes using these commands:
$ openssl rsa -in secret.key -text -noout | grep "Private-Key"
Private-Key: (2048 bit)
$ openssl x509 -in certificate.crt -text -noout | grep "Public-Key"
RSA Public-Key: (2048 bit)
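To turn the manual openssl check above into something repeatable, here is an added shell script (not part of the original answer or any AWS tooling) that classifies a certificate's public key the way ALB names key types (RSA_&lt;bits&gt; or EC_&lt;curve&gt;) and reports whether it is in the supported set. The supported list hard-coded below is the one AWS documents for Application Load Balancers and is an assumption of this script, not something taken from this page, so confirm it against the linked knowledge-center article; the demo certificates are generated on the fly and are constructed test data only.

```shell
#!/bin/sh
# Added example: classify a certificate's public key and check whether an
# Application Load Balancer listener can use it. Requires the openssl CLI.

# Print the ALB-style key type for the certificate in $1:
#   RSA_<bits> for RSA keys, EC_<curve> for EC keys, UNKNOWN_<alg> otherwise.
cert_key_type() {
  txt=$(openssl x509 -in "$1" -noout -text) || return 1
  alg=$(printf '%s\n' "$txt" | sed -n 's/.*Public Key Algorithm: *//p' | head -n1)
  case "$alg" in
    rsaEncryption)
      # Works for both "Public-Key: (2048 bit)" (OpenSSL 3) and
      # "RSA Public-Key: (2048 bit)" (OpenSSL 1.1.1) output formats.
      bits=$(printf '%s\n' "$txt" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n1)
      echo "RSA_$bits" ;;
    id-ecPublicKey)
      curve=$(printf '%s\n' "$txt" | sed -n 's/.*ASN1 OID: *//p' | head -n1)
      echo "EC_$curve" ;;
    *)
      echo "UNKNOWN_$alg" ;;
  esac
}

# Return 0 if the key type in $1 is one ALB accepts, 1 otherwise.
# ASSUMPTION: this list mirrors the ALB documentation; verify it before relying on it.
alb_supports_key() {
  case "$1" in
    RSA_1024|RSA_2048|RSA_3072|RSA_4096|EC_prime256v1|EC_secp384r1|EC_secp521r1) return 0 ;;
    *) return 1 ;;
  esac
}

# Generate a throwaway self-signed certificate (constructed demo data, never for
# real use). $1 = output cert path, remaining args = openssl -newkey options.
make_demo_cert() {
  out=$1; shift
  openssl req -x509 -newkey "$@" -nodes -keyout "$out.key" -out "$out" \
    -subj "/CN=alb-demo.example" -days 1 >/dev/null 2>&1
}

# Usage: sh check_alb_cert.sh certificate.crt [more.crt ...]
# Reports the key type of each certificate and whether ALB will list it.
for cert in "$@"; do
  kt=$(cert_key_type "$cert") || { echo "$cert: could not parse certificate"; continue; }
  if alb_supports_key "$kt"; then
    echo "$cert: $kt (supported by ALB)"
  else
    echo "$cert: $kt (NOT supported by ALB; re-issue with a supported key type)"
  fi
done
```

Run it against the certificate you imported; if it prints a key type outside the supported set (for example an EC curve other than P-256/P-384/P-521, or an RSA size that is not 1024/2048/3072/4096), that explains why the listener console refuses to list the certificate even though the ACM import itself succeeds.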
As mentioned by @aress-support, you can use IAM to import the certificate. https://aws.amazon.com/premiumsupport/knowledge-center/import-ssl-certificate-to-iam/