Introduction
AWS Certificate Manager (ACM) is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.
Points to consider for import
- Import certificate, if you want to use a third-party certificate with Amazon CloudFront, Elastic Load Balancing, or Amazon API Gateway
- ACM cannot renew imported certificates, but it can help you manage the renewal process.
- You are responsible for monitoring the expiration date of your imported certificates and for renewing them before they expire.
- You can use ACM CloudWatch metrics to monitor the expiration dates of imported certificates and import a new third-party certificate to replace an expiring one.
1. Prerequisites for importing certificates
To import a self–signed SSL/TLS certificate into ACM, you must provide both the certificate and its private key. To import a certificate signed by a non-AWS certificate authority (CA), you must also include the private and public keys of the certificate.
For all imported certificates, you must specify a cryptographic algorithm and a key size. Your certificate must satisfy all of the criteria described here.
2. Certificate Format
ACM requires you to separately import the certificate, certificate chain, and private key (if any) and to encode each component in PEM format.
Click here for more details on a PEM File: https://www.c-sharpcorner.com/article/what-is-a-pem-file/
3. Steps to import SSL-Certificate
1. In the AWS console, navigate to the AWS Certificate Manager service and click on Import certificate.
2. Copy and paste certificate details from your PEM Files.
- For the Certificate body, paste the PEM-encoded certificate to import.
- It should begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE.
- For Certificate private key, paste the certificate's PEM-encoded, unencrypted private key.
- It should begin with -----BEGIN PRIVATE KEY----- and end with -----END PRIVATE KEY.
- (Optional) For the Certificate chain, paste the PEM-encoded certificate chain.
3. Add tags (Skip for now, you can update it later).
4. Click on Next, Review, and import the certificate.
5. On successful import, you can see the imported certificate under 'List certificates' with your application Domain name.
Verify imported certificate details
Click on the certificate ID; you will get the details related to the certificate.
Domains |
A list of fully qualified domain names (FQDN) authenticated by the certificate |
Serial Number |
Used to uniquely identify the certificate |
In use |
If it's currently in use. This will be set to Yes, once the certificate is used in one of the services
CloudFront, Elastic Load Balancing, API Gateway, or other ACM-integrated services |
Public key info |
The cryptographic algorithm used to generate the key pair |
Signature algorithm |
The cryptographic algorithm used to create the certificate's signature |
Expires in |
Certificate expiration date |
Can be used with |
A list of ACM integrated services that support the type of certificate you are importing |
Conclusion
In this article, we have provided an introduction to AWS Certificate Manager (ACM) service and how you can import a SSL certificate using ACM.