This topic provides answers to some frequently asked questions about Classic Load Balancer (CLB) certificates.
How do I resolve the Invalid Parameter error when I create a certificate?
How do I resolve the Invalid Format error when I create a server certificate?
How do I resolve the Certificate Chain Not found error when I create a certificate?
How do I resolve the Invalid Format error when I specify a private key?
How do I resolve the Invalid Format error when I specify a public key?
How do I resolve the Invalid Parameter error when I create a certificate?
Issue
On the Certificates page, after I click Create Certificate, select Alibaba Cloud Certificates, and then click Create, the message Invalid parameter appears.
Possible causes
The error may be caused by one of the following reasons:
The content of the public key is invalid.
The format in which the certificate is encoded is not supported.
Solutions
To check whether the content of a public key is valid, upload the certificate to a Linux server and run the following command:
openssl x509 -noout -text -in myprivate.pem
If the following error is returned, it indicates that the content of the public key is invalid.
If the following message is returned, it indicates that the content of the public key is valid.
Alibaba Cloud supports certificates encoded in RFC4648 Base64. To prevent upload failures, make sure that your certificate is encoded in a format supported by Alibaba Cloud.
How do I resolve the Invalid Format error when I create a server certificate?
Issue
On the Certificates page, after I click Create Certificate, select Upload Third-party Certificate, and then click Create, the message The specified Server Certificate format is invalid. Check the format and try again appears.
Possible causes
The content of the private key is invalid.
Solutions
To check whether the content of a private key is invalid, upload the certificate to a Linux server and run the following command:
openssl rsa -in myprivate.key -check
If the following error is returned, it indicates that the content of the private key is invalid.
If the following message is returned, it indicates that the content of the private key is valid.
How do I resolve the Certificate Chain Not found error when I create a certificate?
Issue
On the Certificates page, after I click Create Certificate, select Upload Third-party Certificate, and then click Create, the message No certificate chain is found in the certificate content appears.
Possible causes
In most cases, a certificate file obtained from a certificate provider contains a certificate issued by an intermediate certification authority (CA) and your certificate. This is also known as a certificate chain. Before you upload a certificate, you must verify that the certificate chain is valid.
Solutions
Contact the CA that issued the certificate to verify the certificate chain.
How do I resolve the Invalid Format error when I specify a private key?
Issue
On the Certificates page, after I click Create Certificate, select Upload Third-party Certificate, and then enter the content of a private key, the message The format of the private key content is invalid appears.
Possible causes
The format of the Rivest–Shamir–Adleman (RSA) private key certificate is invalid. The RSA private key must start with -----BEGIN RSA PRIVATE KEY-----
and end with -----END RSA PRIVATE KEY-----
.
Solutions
If the format of the RSA private key certificate is invalid, upload the certificate to a Linux server and run the following command to convert the format:
openssl rsa -in myprivate.key -out myprivate.pem
How do I resolve the Invalid Format error when I specify a public key?
Issue
On the Certificates page, after I click Create Certificate, select Upload Third-party Certificate, and then enter the content of the public key, the message The format of the certificate content is invalid appears.
Possible causes
The format of the public key content is invalid. The content must start with -----BEGIN CERTIFICATE-----
and end with -----END CERTIFICATE-----
.
Solutions
Contact the CA that issued the certificate to verify the content of the public key.
How do I resolve the Certificate Not Found error when I associate a server certificate with an HTTPS listener?
Issue
When I configure an HTTPS listener, after I select a server certificate in the SSL Certificates step, the message The certificate does not exist appears.
Possible causes
The HTTPS listener of the CLB instance is created by using an Alibaba Cloud account, but the certificate is created by using an Alibaba Finance Cloud account. As a result, the system cannot identify the certificate that you uploaded.
Solutions
Use the same Alibaba Cloud account to create the CLB instance and upload the certificate.