This topic provides answers to some frequently asked questions about certificate upload failures.

How can I resolve the Invalid Parameter error when I create a certificate?

Issue

On the Certificates page, after I click Create Certificate, select Alibaba Cloud Certificates, and then click Create, the message Invalid parameter. appears.

Cause

The error may be caused by one of the following reasons:
  • The content of the public key is invalid.
  • The format in which the certificate is encoded is not supported.

Solution

  • To check whether the content of a public key is valid, upload the certificate to a Linux server and run the following command:
    openssl x509 -noout -text -in myprivate.pem
    • If the following error is returned, it indicates that the content of the public key is invalid. 370866
    • If the following message is returned, it indicates that the content of the public key is valid. Valid public key content
  • Alibaba Cloud supports certificates encoded in RFC4648 Base64. To prevent upload failures, make sure that your certificate is encoded in the format supported by Alibaba Cloud.

How can I resolve the Invalid Format error when I create a server certificate?

Issue

On the Certificates page, after I click Create Certificate, select Upload Third-party Certificate, and then click Create, the message The specified Server Certificate format is invalid. Check the format and try again. appears.

Cause

The content of the private key is invalid.

Solution

To check whether the content of a private key is invalid, upload the certificate to a Linux server and run the following command:
openssl rsa -in myprivate.key -check
  • If the following error is returned, it indicates that the content of the private key is invalid. Invalid private key content
  • If the following message is returned, it indicates that the content of the private key is valid. Valid private key content

How can I resolve the Certificate Chain Not found error when I create a certificate?

Issue

On the Certificates page, after I click Create Certificate, select Upload Third-party Certificate, and then click Create, the message No certificate chain is found. appears. No certificate chain is found

Cause

In most cases, a certificate file obtained from a certificate provider contains a certificate issued by an intermediate certification authority (CA) and your certificate. This is also known as a certificate chain. Before you upload a certificate, you must verify that the certificate chain is valid.

Solution

Contact the CA that issues the certificate to verify the certificate chain.

How can I resolve the Invalid Format error when I specify a private key?

Issue

On the Certificates page, after I click Create Certificate, select Upload Third-party Certificate, and then enter the content of a private key, the message The format of the private key content is invalid. appears. ec

Cause

The error may be caused by one of the following reasons:
  • The format of the RSA private key certificate is invalid. The RSA private key must start with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.
  • The content of the elliptic curve (EC) private key certificate is not found. An EC private key certificate consists of two sections. The first part starts with -----BEGIN EC PARAMETERS----- and ends with -----END EC PARAMETERS-----. The second part starts with -----BEGIN EC PRIVATE KEY----- and ends with -----END EC PRIVATE KEY-----.

Solution

  • If the format of the RSA private key certificate is invalid, upload the certificate to a Linux server and run the following command to convert the format:
    openssl rsa -in myprivate.key  -out  myprivate.pem
  • If the content of the EC private key is not found, contact the CA that issues the certificate to verify the private key.

How can I resolve the Invalid Format error when I specify a public key?

Issue

On the Certificates page, after I click Create Certificate, select Upload Third-party Certificate, and then enter the content of a public key, the message The format of the certificate content is invalid. appears. Public key

Cause

The format of the public key content is invalid. It must start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.

Solution

Contact the CA that issues the certificate to verify the public key.

How can I resolve the Certificate Not Found error when I associate a server certificate with an HTTPS listener?

Issue

When I configure an HTTPS listener, after I select a server certificate in the SSL Certificates step, the message The certificate does not exist. appears.

Cause

The HTTPS listener of the Classic Load Balancer (CLB) instance is created by using an Alibaba Cloud account. The certificate is created by using an Alibaba Finance Cloud account. Therefore, the system cannot identify the certificate that you uploaded.

Solution

Use the same account to create the CLB instance and upload the certificate.