AWS EC2: generating private key file out of cert-***.pem for SSH terminal access


I have my access key, secret key, and the downloaded cert pem file.

I understand SSH requires a private key file in order to establish a terminal SSH connection to my instance.

What I did find through Google is that I need to use puttygen to convert my cert pem file into a private key file:

However, all the instructions I found are based on a GUI puttygen and I only have the CL version because I am running Linux Fedora 16 on my laptop. I did yum PuTTY, which came with a GUI but puttygen only has a CL version. What I tried to do in puttygen is as follows:

Can anybody point out what I am doing wrong and how I can use CL puttygen to convert my cert file to a private key file that is usable by SSH to connect to my instances?

Thanks in advance


The ssh private key is completely different from the X.509 certificate and private key. It’s a little confusing because folks often save the ssh private key generated by EC2 in a “.pem” file just like the cert and pk use.

You can’t convert or use the X.509 certificate or private key for ssh as you tried to do.

You can generate an ssh private key (sometimes called a “keypair”) through Amazon EC2 on the AWS console or through the AWS command line tools (ec2-add-keypair). If you are using Putty, you may still need to convert to PPK format as your referenced article describes, but you are converting the ssh key .pem file, not the X.509 private key or certificate.

If you know how to generate your own ssh key locally (or have already done so) then I recommend doing this and uploading the ssh public key to EC2.

When you run an EC2 instance, you then specify the ssh keypair name so that EC2 makes the ssh public key available to the instance, letting you securely ssh in to your new server.
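Added example (not part of the original answer): a small shell check that reads the first line of a key file and reports what kind of object it holds, which shows why a `cert-*.pem` file cannot serve as an ssh identity. The function names, labels and sample files are this example's own; the samples contain armor lines only, no key material.

```shell
#!/bin/sh
# Classify a key file by its first non-empty line.
# The labels printed are this example's own, not output of any AWS or OpenSSH tool.
pem_kind() {
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    # Take the first non-blank line and drop any Windows carriage return.
    first=$(sed -n '/[^[:space:]]/{p;q;}' "$1" | tr -d '\r')
    case $first in
        "-----BEGIN CERTIFICATE-----")
            echo "x509-certificate" ;;          # public cert only, no private key inside
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            echo "ssh-private-key" ;;
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN EC PRIVATE KEY-----"|"-----BEGIN PRIVATE KEY-----")
            echo "pem-private-key" ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----")
            echo "pem-private-key-encrypted" ;;
        PuTTY-User-Key-File-*)
            echo "putty-ppk" ;;                 # already in PuTTY's own format
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*)
            echo "ssh-public-key" ;;            # the half that goes to EC2, not an identity
        *)
            echo "unknown" ;;
    esac
}

# Format check only: a private key still has to be the one whose public half
# EC2 placed on the instance (the ssh keypair, not the X.509 signing key).
usable_for_ssh() {
    case $(pem_kind "$1") in
        ssh-private-key|pem-private-key|pem-private-key-encrypted) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample files for a stand-alone run.
tmp=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$tmp/cert-sample.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$tmp/keypair-sample.pem"
for f in "$tmp"/*.pem; do
    printf '%s: %s\n' "${f##*/}" "$(pem_kind "$f")"
done
```

For a file reported as a private key, `ssh-keygen -y -f <file>` prints the matching public key, which can be compared with the one registered in EC2.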
