Retrieve PEM-encoded private key from API Gateway Client Certificate

I am following along with the following tutorial to add an SSL certificate to an API hosted with AWS API Gateway: aws-docs. I am able to successfully follow along with Generate a client certificate using the API Gateway console, resulting in the following certificate:

[Image: API Gateway Client Certificate]

I am also able to Configure API to use SSL certificates by following along the prompt. The issue comes in the section that is Configure a backend HTTPS server to verify the client certificate. The instructions specify that "you must have obtained the PEM-encoded private key and a server-side certificate". Pressing "copy" retrieves the certificate, but I never got a private key when creating the certificate, and I don't see any option to retrieve the private key. How would I go about retrieving the PEM-encoded private key for a certificate created using API Gateway?

The goal of all this is to create an HTTP request using Python's requests library. Without the certificate, when posting the request I get an error which looks like:

(Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)'))

You can specify a certificate and private key with requests like the following according to geeksforgeeks:

result = requests.post(url, cert=('/path/client.cert', '/path/client.key'))

However, as stated above, there is no obvious way to get the PEM-encoded private key. Setting the flag verify=False for the request is not acceptable for this application due to security concerns. So either a way to get the PEM-encoded private key or a way to create the Python request using just the .cert file obtained using the "copy" button would be acceptable solutions for this application.



Solution 1:[1]

I have recently faced the same issue when I had to create a client certificate while following the official guide.

I also didn't receive any PEM key.

Therefore I resorted to using the AWS CLI:

aws apigateway get-client-certificate --client-certificate-id <<your_client_cert_id>>

docs
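
An added example, not part of the original answer: it parses the JSON printed by the `get-client-certificate` command above, reports which PEM block types the `pemEncodedCertificate` field contains (certificate versus private key), and computes a SHA-256 fingerprint that a backend can compare against the certificate presented by API Gateway. The sample response, its id and its base64 body are constructed placeholders, and the helper names are hypothetical.

```python
import base64
import hashlib
import json
import re

# Constructed sample of `aws apigateway get-client-certificate` JSON output.
# The id and the base64 body are placeholders, not a real certificate.
SAMPLE_CLI_OUTPUT = json.dumps({
    "clientCertificateId": "abc123",
    "description": "constructed example",
    "pemEncodedCertificate": (
        "-----BEGIN CERTIFICATE-----\r\n"
        + base64.b64encode(b"constructed placeholder DER bytes").decode()
        + "\r\n-----END CERTIFICATE-----"
    ),
    "createdDate": "2021-01-01T00:00:00+00:00",
    "expirationDate": "2022-01-01T00:00:00+00:00",
})

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def pem_blocks(pem_text):
    """Return [(label, der_bytes)] for every PEM block in the text."""
    return [
        (label, base64.b64decode("".join(body.split())))
        for label, body in PEM_BLOCK.findall(pem_text)
    ]


def inspect_client_certificate(cli_json):
    """Summarise the response: PEM labels, key presence, SHA-256 pin."""
    response = json.loads(cli_json)
    blocks = pem_blocks(response["pemEncodedCertificate"])
    certs = [der for label, der in blocks if label == "CERTIFICATE"]
    return {
        "id": response["clientCertificateId"],
        "labels": [label for label, _ in blocks],
        "has_private_key": any("PRIVATE KEY" in label for label, _ in blocks),
        "sha256": hashlib.sha256(certs[0]).hexdigest() if certs else None,
        "expires": response["expirationDate"],
    }


if __name__ == "__main__":
    print(inspect_client_certificate(SAMPLE_CLI_OUTPUT))
```
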

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Zahar