Use the RSA-2048 signature to verify the instance identity document
This topic explains how to verify the instance identity document using the RSA-2048 signature and the AWS RSA-2048 public certificate.
To verify the instance identity document using the RSA-2048 signature and the AWS RSA-2048 public certificate
- Connect to the instance.
- Retrieve the RSA-2048 signature from the instance metadata and add it to a file named rsa2048 along with the required header and footer. Use one of the following commands depending on the IMDS version used by the instance.
- Find the RSA-2048 public certificate for your Region in AWS public certificates and add the contents to a new file named certificate.
- Use the OpenSSL smime command to verify the signature. Include the -verify option to indicate that the signature needs to be verified, and the -noverify option to indicate that the certificate does not need to be verified.

  $ openssl smime -verify -in rsa2048 -inform PEM -certfile certificate -noverify | tee document

  If the signature is valid, the Verification successful message appears. If the signature cannot be verified, contact AWS Support.
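The procedure above as a script, added here as an example and not taken from the AWS documentation: it goes one step further than the page by releasing the document only when OpenSSL reports success. The function names are hypothetical, and the IMDSv2 endpoint, token header names and metadata path are the standard ones, which this page does not show.

```shell
#!/bin/sh
# Added example, not AWS's own script. Function names are hypothetical.
IMDS="http://169.254.169.254/latest"   # standard IMDS endpoint (assumed, not on this page)

# Step 2 (IMDSv2): print the bare base64 signature from instance metadata.
fetch_signature() {
    iid_token=$(curl -sf -X PUT "$IMDS/api/token" \
        -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
    curl -sf -H "X-aws-ec2-metadata-token: $iid_token" \
        "$IMDS/dynamic/instance-identity/rsa2048"
}

# Step 2: add the PKCS7 header and footer around the signature read from stdin.
# The body is re-folded so it ends with exactly one newline before the footer,
# whether or not the metadata response had a trailing newline.
wrap_pkcs7() {
    iid_body=$(tr -d ' \r\n' | fold -w 64)
    printf '%s\n' "-----BEGIN PKCS7-----" "$iid_body" "-----END PKCS7-----"
}

# Step 4: verify signature file $1 with Region certificate $2.
# Prints the signed identity document only when verification succeeds and
# returns non-zero otherwise, unlike "openssl ... | tee", whose exit status
# is that of tee.
verify_iid() {
    iid_out=$(mktemp) || return 1
    # -noverify skips certificate chain validation, so trust rests on $2
    # being the certificate AWS publishes for the Region.
    if openssl smime -verify -in "$1" -inform PEM -certfile "$2" \
            -noverify -out "$iid_out"; then
        cat "$iid_out"; rm -f "$iid_out"; return 0
    fi
    rm -f "$iid_out"
    return 1
}
```

On an instance, `fetch_signature | wrap_pkcs7 > rsa2048 && verify_iid rsa2048 certificate > document` runs steps 2 and 4 with the file names used in the procedure.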