I’ve been testing and experimenting a bit to find out how exactly to upload SSL Certificates to AWS’s Elastic Load Balancer (figuring out issues with different key and certificate encodings).
Therefore I have quite a few test certificates on there that I’ve generated with either the wrong information, missing certificate chains or just bogus data.
As far as I can see there is no way to delete these certificates, or even update/replace the ones that are missing certain information. AWS’s instructions for “updating a certificate” (http://docs.amazonwebservices.com/ElasticLoadBalancing/latest/DeveloperGuide/US_UpdatingLoadBalancerSSL.html) actually just show you how to change the load balancer listener to use a different certificate that is either already on there or that you can then upload as well! (That’s exactly how I ended up with so many certificates on there in the first place.)
Could someone please tell me that I’m wrong and there is a way to delete them? 😀 (and preferably also how to do that)
This is not possible. You have to delete the ELB and make a new one.
See:
https://forums.aws.amazon.com/thread.jspa?threadID=57632
It is possible to remove them from the IAM but they do not always remove correctly from the ELB, and the ELB can continue to use an old one. I would definitely say the safest way is to create a new ELB and delete the old one.
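An added example, not part of the original thread: before removing test certificates from IAM, cross-check them against the load balancer listeners so that nothing still attached is deleted, and flag listeners that reference a certificate IAM no longer holds (the case the answer above warns about). It assumes the JSON shapes printed by `aws iam list-server-certificates` and `aws elb describe-load-balancers` for classic load balancers; every name, account id and ARN in it is constructed sample data.

```python
# Shapes follow `aws iam list-server-certificates` and
# `aws elb describe-load-balancers`; all values are constructed samples.
ACCT = "arn:aws:iam::111122223333:server-certificate/"
IAM_CERTS = {"ServerCertificateMetadataList": [
    {"ServerCertificateName": "test-bad-chain", "Arn": ACCT + "test-bad-chain"},
    {"ServerCertificateName": "www-2012", "Arn": ACCT + "www-2012"},
]}
ELBS = {"LoadBalancerDescriptions": [
    {"LoadBalancerName": "web-elb", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80}},
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                      "SSLCertificateId": ACCT + "www-2012"}}]},
    {"LoadBalancerName": "old-elb", "ListenerDescriptions": [
        # Listener still points at a certificate that is gone from IAM.
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                      "SSLCertificateId": ACCT + "www-2011"}}]},
]}

def certs_in_use(elbs):
    """Map certificate ARN -> [(load balancer name, port), ...]."""
    used = {}
    for lb in elbs.get("LoadBalancerDescriptions", []):
        for desc in lb.get("ListenerDescriptions", []):
            listener = desc.get("Listener", {})
            arn = listener.get("SSLCertificateId")
            if arn:  # plain HTTP/TCP listeners carry no certificate
                used.setdefault(arn, []).append(
                    (lb["LoadBalancerName"], listener["LoadBalancerPort"]))
    return used

def classify(iam_certs, elbs):
    """Return (unused names, attached name->listeners, dangling arn->listeners)."""
    used = certs_in_use(elbs)
    known = {c["Arn"]: c["ServerCertificateName"]
             for c in iam_certs["ServerCertificateMetadataList"]}
    unused = sorted(n for arn, n in known.items() if arn not in used)
    attached = {known[a]: refs for a, refs in used.items() if a in known}
    dangling = {a: refs for a, refs in used.items() if a not in known}
    return unused, attached, dangling

def delete_commands(unused):
    """Commands to review and run by hand; nothing is executed here."""
    return ["aws iam delete-server-certificate --server-certificate-name " + n
            for n in unused]

if __name__ == "__main__":
    unused, attached, dangling = classify(IAM_CERTS, ELBS)
    print("attached:", attached, "\ndangling:", dangling)
    print("\n".join(delete_commands(unused)))
```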