1. Extract RSA Private key
openssl pkcs12 -in CERTIFICATE.PFX -nocerts -nodes -out private.key openssl rsa -in private.key -out private-rsa.key
2. Extract Certificate
openssl pkcs12 -in CERTIFICATE.PFX -clcerts -nokeys -out certificate.crt
3. Extract Certificate Chains
openssl pkcs12 -in CERTIFICATE.PFX -cacerts -nokeys -out certificate-chain.crt
4. Trimming Certificates for AWS
sed -ne '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/ p' certificate.crt > certificate-trim.crt sed -ne '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/ p' certificate-chain.crt > certificate-chain-trim.crt
5. Upload Key & Certificates to AWS via CLI
aws iam upload-server-certificate --profile profile --server-certificate-name domain.com --certificate-body file://certificate-trim.crt --private-key file://private-rsa.key --certificate-chain file://certificate-chain-trim.crt