Uploading SSL certificates to IAM

Published 2019-06-22 07:22

Question:

I have 4 certificates which I received from the CA (SSL):

Root CA Certificate - 123.crt

Intermediate CA Certificate - 456.crt

Intermediate CA Certificate - 789.crt

Your PositiveSSL Certificate - 654.crt

I have generated circuit.pem (private key) and csr.pem, through which I got these certificates.

Now, I want to upload these certificates to IAM using

    aws iam upload-server-certificate --server-certificate-name certificate_object_name --certificate-body file://public_key_certificate_file --private-key file://privatekey.pem --certificate-chain file://certificate_chain_file 

AWS - Working with Server Certificates

But I am not able to gauge which is my server certificate and how I can upload all my certificates.

Please help me with the above command for my above certificates.

I tried:

    aws iam upload-server-certificate --server-certificate-name MyServerCertificate --certificate-body file://www_advisorcircuit_com.crt --private-key file://circuit.pem --certificate-chain file://COMODORSAAddTrustCA.crt

I am getting this error:

    A client error (InvalidClientTokenId) occurred when calling the UploadServerCertificate operation: The security token included in the request is invalid.

Answer 1:

I have to say, getting this to work was a huge pain in the ass. Basically you are missing the user configuration details. You have to create a user on Amazon using the IAM service here: https://console.aws.amazon.com/iam/home. Pay attention to what your region is in the URL; you'll need that later. So create a user, attach a policy (I attached AdministratorAccess), "Create Access Key", download the credentials for the user and use them to run:

    $ aws configure
    AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
    AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
    Default region name [None]: us-west-2
    Default output format [None]: json

Some caveats on getting the certificate install command to work. Make sure the files have readable permissions... I think I specified 664. I specified the .pem extension on all the files... I believe AWS prefers the old-school style key files, so I had to run

    openssl rsa -in my_key.key -text > new_key.pem

Answer 2:

An additional hint (because that's what happened to me)

Run echo $AWS_ACCESS_KEY_ID and echo $AWS_SECRET_ACCESS_KEY to check if these ENV variables are set.

No matter what you pass to aws configure, the ENV variables will override it.

Configuration Settings and Precedence
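
The check from Answer 2, written so that it never prints a secret value. This is an added example, not code from the original answers; the function names are hypothetical, and it assumes static keys in the `default` profile of the shared credentials file that `aws configure` writes.

```shell
# Added example, not from the original answers: report which static AWS
# credentials are in effect without printing any secret value.

# mask_key_id ID -> first and last four characters of an access key ID
mask_key_id() {
    id=$1
    if [ "${#id}" -le 8 ]; then echo '****'; return 0; fi
    head=${id%"${id#????}"}; tail=${id#"${id%????}"}
    echo "${head}...${tail}"
}

# file_key_id FILE [PROFILE] -> aws_access_key_id saved under [PROFILE]
file_key_id() {
    [ -r "$1" ] || return 0
    awk -v want="[${2:-default}]" '
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); in_sec = ($0 == want); next }
        in_sec && /^[ \t]*aws_access_key_id[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit }
    ' "$1"
}

# cred_source FILE -> env | env-incomplete | file | none
cred_source() {
    if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo env
    elif [ -n "${AWS_ACCESS_KEY_ID:-}${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo env-incomplete   # only one variable of the pair is set
    elif [ -n "$(file_key_id "$1")" ]; then echo file
    else echo none
    fi
}

# cred_report FILE -> diagnosis; warns when the environment shadows the file
cred_report() {
    src=$(cred_source "$1"); fid=$(file_key_id "$1")
    echo "source: $src"
    if [ "$src" = env ]; then
        echo "key id: $(mask_key_id "$AWS_ACCESS_KEY_ID")"
        if [ -n "$fid" ] && [ "$fid" != "$AWS_ACCESS_KEY_ID" ]; then
            echo "warning: environment overrides saved key $(mask_key_id "$fid")"
        fi
    elif [ "$src" = file ]; then echo "key id: $(mask_key_id "$fid")"
    fi
}

# Constructed demo: saved key ID as in Answer 1, shadowed by a made-up env pair.
demo=$(mktemp); printf '[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\n' > "$demo"
( AWS_ACCESS_KEY_ID=AKIAENVCONSTRUCTED01; AWS_SECRET_ACCESS_KEY=constructed; cred_report "$demo" )
rm -f "$demo"
```

On a real machine, call `cred_report "${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}"` in the same terminal that produced the InvalidClientTokenId error.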



Answer 3:

Yes, this is tricky even when you have configured all IAM access for a user and are then trying to upload a certificate using their access keys.

I got this problem many times. Here is how I solved it.

  • When the user does not have the required IAM access, like Upload Server Certificate etc. -> You need to make sure that the user has the right access; maybe try after giving full IAM access to the user.
  • Of course, the region and the other user details should be correct, as discussed in previous answers.
  • Was trying with an older terminal session (this terminal had been running for more than 24 hours) -> Relaunch the terminal and try the same command. Yes, I observed this issue twice. I simply relaunched the terminal and performed the same command and it worked.

Command with absolute path:

    aws iam upload-server-certificate --server-certificate-name mycertificate --certificate-body file:///Users/raushan/Downloads/com/certificate.pem --private-key file:///Users/raushan/Downloads/com/private_key.pem --certificate-chain file:///Users/raushan/Downloads/com/CertChain.pem