I am importing an OpenSSL certificate to AWS ACM using Python. I always get an error:
Response:

    {
      "errorMessage": "An error occurred (ValidationException) when calling the ImportCertificate operation: The certificate field contains more than one certificate. You can specify only one certificate in this field.",
      "errorType": "ClientError",
      "stackTrace": [
        " File \"/var/task/lambda_function.py\", line 7, in lambda_handler\n response = client.import_certificate(\n",
        " File \"/var/runtime/botocore/client.py\", line 316, in _api_call\n return self._make_api_call(operation_name, kwargs)\n",
        " File \"/var/runtime/botocore/client.py\", line 626, in _make_api_call\n raise error_class(parsed_response, operation_name)\n"
      ]
    }

Here is my code:

    import boto3

    client = boto3.client('acm')

    def lambda_handler(event, context):
        response = client.import_certificate(
            Certificate='sample.vpn.crt',
            PrivateKey='sample.vpn.key',
            CertificateChain='ca.crt'
        )

Any help would be appreciated.
As stated in the boto3 docs, the type of the three parameters should not be strings, but bytes. What did the trick for me was reading the cert files from the package like this:
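
    import boto3

    client = boto3.client('acm')

    def lambda_handler(event, context):
        # Read the PEM files bundled with the deployment package as bytes.
        with open('sample.vpn.crt', 'rb') as f:
            certificate = f.read()
        with open('sample.vpn.key', 'rb') as f:
            privatekey = f.read()
        with open('ca.crt', 'rb') as f:
            chain = f.read()
        # Pass the file contents, not the file names, to ACM.
        response = client.import_certificate(
            Certificate=certificate,
            PrivateKey=privatekey,
            CertificateChain=chain
        )
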
Unfortunately, the error message was a bit misleading in this case. If you still get the same error message with this, please make sure your certificate files have the format that is required by ACM. You can test that by trying to import the certificate using the ACM Console. If you receive the same error, please follow the steps that AWS provides on this troubleshooting page.
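
A local pre-flight check for the three values, so that a malformed input is reported precisely before `import_certificate` is called. This is an added example, not code from the question or the answer; `pem_labels`, `preflight` and `fake_pem` are hypothetical names, the PEM blocks are constructed placeholders, and the check is structural only (it does not parse X.509).

```python
import re

# One PEM block; group 1 is the label, e.g. "CERTIFICATE" or "RSA PRIVATE KEY".
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n[A-Za-z0-9+/=\r\n]+?-----END \1-----"
)

def pem_labels(data):
    """Return the labels of every PEM block in data (bytes or str)."""
    if isinstance(data, str):
        data = data.encode("utf-8")
    return [m.group(1).decode() for m in PEM_BLOCK.finditer(data)]

def preflight(certificate, private_key, chain=None):
    """Return a list of problems; an empty list means the inputs are well-shaped."""
    problems = []
    labels = pem_labels(certificate)
    if labels != ["CERTIFICATE"]:
        problems.append(f"Certificate: need exactly one CERTIFICATE block, found {labels}")
    labels = pem_labels(private_key)
    if len(labels) != 1 or not labels[0].endswith("PRIVATE KEY"):
        problems.append(f"PrivateKey: need exactly one PRIVATE KEY block, found {labels}")
    elif labels[0] == "ENCRYPTED PRIVATE KEY":
        problems.append("PrivateKey: key is passphrase-protected; ACM needs it unencrypted")
    if chain is not None:
        labels = pem_labels(chain)
        if not labels or any(label != "CERTIFICATE" for label in labels):
            problems.append(f"CertificateChain: need CERTIFICATE blocks only, found {labels}")
    return problems

def fake_pem(label):
    """Constructed placeholder block: PEM-shaped, but not a real certificate or key."""
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n".encode()

if __name__ == "__main__":
    leaf, key, ca = fake_pem("CERTIFICATE"), fake_pem("PRIVATE KEY"), fake_pem("CERTIFICATE")
    print(preflight(leaf, key, ca))        # well-shaped inputs
    print(preflight(leaf + ca, key, ca))   # leaf and CA concatenated in one field
    print(preflight("sample.vpn.crt", "sample.vpn.key", "ca.crt"))  # file names, not contents
```

In a Lambda handler, call `preflight` on the bytes read from the package and raise if the returned list is not empty.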