How do I resolve the CloudHSM error "InitializeCluster request failed: CloudHsmInvalidRequestException - TrustAnchor provided is not a valid x509 certificate"?

Last updated: 2021-08-09

I tried to initialize an AWS CloudHSM cluster, and received the error "InitializeCluster request failed: CloudHsmInvalidRequestException - TrustAnchor provided is not a valid x509 certificate."

Resolution

You must use a self-signed root certificate (customerCA.crt) to sign the cluster certificate signing request (CSR). Verify that the certificate is an issuing certificate or trust anchor root certificate with the following OpenSSL command:

Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.

$ openssl x509 -in customerCA.crt -text -noout

If the certificate customerCA.crt is a root certificate, then the issuer and subject are the same.

For more information, see Sign the CSR.
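
The issuer/subject check above can be scripted as a pre-flight test before initializing the cluster. This is an added example, not AWS-provided code: the function names, verdict strings, and sample certificates are constructed for illustration, and the self-signature check in step 3 goes beyond what the article describes.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of a trust anchor file before cluster initialization.
# Prints one verdict (ok | not-x509 | not-self-signed | bad-signature); returns 0 only for ok.
check_trust_anchor() {
    local cert="$1" subject issuer
    # 1. The file must parse as an X.509 certificate (openssl reads PEM by default).
    openssl x509 -in "$cert" -noout 2>/dev/null || { echo "not-x509"; return 1; }
    # 2. A root certificate has identical issuer and subject names.
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ "$subject" = "$issuer" ] || { echo "not-self-signed"; return 1; }
    # 3. Extra check beyond the article: the signature verifies under the cert's own key.
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 || { echo "bad-signature"; return 1; }
    echo "ok"
}

# Constructed samples: a throwaway root CA, a leaf signed by it, and a non-certificate file.
make_samples() {
    local dir="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-leaf" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/leaf.crt" 2>/dev/null
    printf 'this is not a certificate\n' > "$dir/garbage.crt"
}

# With an argument, check that file; with none, run against the constructed samples.
if [ "$#" -gt 0 ]; then
    check_trust_anchor "$1"
else
    tmp=$(mktemp -d)
    make_samples "$tmp"
    for f in ca.crt leaf.crt garbage.crt; do
        printf '%s: %s\n' "$f" "$(check_trust_anchor "$tmp/$f")"
    done
    rm -rf "$tmp"
fi
```

A verdict of not-self-signed means the file has a different issuer than subject, so it is not a root certificate.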

