
Amazon AWS: Keys to the Kingdom, unconfused (maybe)

Amazon AWS has a lot of identifiers, certs, passwords, etc., for an account.  To clarify these:

AWS Username and Password:

The basic login information, used on the AWS website.  These are not the same as the AMI instance accounts, which are the users on the cloud virtual machines in AWS.

Access Key and Secret Access Key:

These are created with a new account, and are used as identifiers and for some access.  The System Administrator account can retrieve these; more here.  The Secret Access Key should be kept secret.  These look like this:
AWDFKFRG45FTPDEC7B2A
mdFGRfRU9JJ7adW2wsdgHB+0ccgt5bbHGqEEGgT

EC2 Key Pair certificate:

This is created and provided with a new AMI virtual machine.  When you create a new Amazon Machine Instance (AMI), this EC2 cert is provided and should be downloaded and saved.  Once that VM instance has booted, you need to provide this certificate on the AWS website in order to retrieve that instance's user password.  More info here.  The EC2 Cert will look like this*:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----


x.509 Certificate:

Created on the user's computer and uploaded to Amazon, in order to use the AWS command line tools. More info here on that upload.  Your cert is created with these commands (the lines that begin with $):

$ openssl genrsa 1024 > private-key-temp.pem

Generating RSA private key, 1024 bit long modulus
.....................++++++
....................++++++
e is 65537 (0x10001)



$ openssl req -new -x509 -nodes -sha1 -days 3650 -key ./private-key-temp.pem -outform PEM > pk-final.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:San Francisco
Organization Name (eg, company) [Internet Widgits Pty Ltd]:GNUski
Organizational Unit Name (eg, section) []:GNUski HowTos
Common Name (e.g. server FQDN or YOUR name) []:gnuski.blogspot.com
Email Address []: email@gnuski.blogspot.com




$ rm private-key-temp.pem

and your x.509 pk-final.pem will look like this*:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----



* Yes, I used the same fake cert for both the EC2 and the x.509 examples; to the human eye these will appear to be about the same, but they are mathematically different.
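
As an added example (not part of the original post), here is a small Python scanner that tells the credential kinds listed above apart in a block of text, marks which ones must stay secret, and fingerprints each PEM block so that two certificates that look alike to the eye can be distinguished. The AKIA/ASIA prefix check, the 40-character heuristic, the function names and every sample value are assumptions constructed for this illustration.

```python
import base64
import binascii
import hashlib
import re

# AKIA/ASIA are AWS's access key ID prefixes; the 40-character secret pattern
# is a heuristic and will also match other 40-character base64-like strings.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
SECRET_KEY = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def classify(text):
    """Return (kind, identifier, must_stay_secret) for each credential found."""
    findings = []

    def record_pem(match):
        label, body = match.group(1), "".join(match.group(2).split())
        try:
            # SHA-256 over the decoded bytes: two PEM blocks that look alike
            # to the eye get different fingerprints unless they are identical.
            fingerprint = hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()
        except binascii.Error:
            fingerprint = None  # malformed or truncated body
        findings.append((label, fingerprint, "PRIVATE KEY" in label))
        return " "  # blank the block so its base64 is not rescanned below

    rest = PEM_BLOCK.sub(record_pem, text)
    for match in ACCESS_KEY_ID.finditer(rest):
        findings.append(("ACCESS KEY ID", match.group(), False))
    for match in SECRET_KEY.finditer(rest):
        # Report only a prefix so the scanner's own output does not leak the secret.
        findings.append(("SECRET ACCESS KEY", match.group()[:4] + "...", True))
    return findings

def pem(label, payload):
    """Build a constructed PEM block (payload is not real DER)."""
    body = base64.encodebytes(payload).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

# Constructed sample input: every value below is made up for this example.
SAMPLE = (
    "aws_access_key_id = AKIAEXAMPLEEXAMPLE00\n"
    "aws_secret_access_key = constructedSecretKeyValue/ForExample+000\n"
    + pem("CERTIFICATE", b"constructed certificate A" * 6)
    + pem("CERTIFICATE", b"constructed certificate B" * 6)
    + pem("RSA PRIVATE KEY", b"constructed private key" * 6)
)
```

Calling `classify(SAMPLE)` returns the three PEM blocks first, then the access key ID and the secret access key; for a real certificate the fingerprint is the SHA-256 of its DER encoding.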

