Signing a CSR using Private CA

0

I want to use ACM Private CA to sign CSRs. In one workflow, I want to generate certificates from the CA to install on devices. In an alternate workflow, I want to generate a CSR on the device, sign it with the CA, and install the certificate back on the device.

I see references to "signing a CSR" in other posts, but I can't figure out how to do it.

AWS
asked 4 years ago · 2115 views
1 Answer
0
Accepted Answer

Here is a quick link to the document. The command that you are looking for is "issue-certificate" https://docs.aws.amazon.com/cli/latest/reference/acm-pca/issue-certificate.html

issue-certificate
--certificate-authority-arn <value>
--csr <value>
--signing-algorithm <value>
[--template-arn <value>]
--validity <value>
[--idempotency-token <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]

The example of the command is:

aws acm-pca issue-certificate --certificate-authority-arn "arn:aws:acm-pca:us-east-..." --csr file://csr_in_pem_format.csr --signing-algorithm SHA384WITHECDSA --template-arn arn:aws:acm-pca:::template/EndEntityCertificate/V1 --validity Value=9,Type="YEARS" --idempotency-token 1234

The token is used to ensure that multiple identical calls within a short time period are ignored. Note: Validity needs to be of a shorter value than the signing CA.

AWS
Arthur
answered 4 years ago
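
The round trip the question describes (device CSR in, signed certificate and chain out), as an added example that is not part of the original answer: `sign_csr`, its arguments and the `SIGNING_ALG` variable are assumptions made here. It uses `fileb://` because AWS CLI v2 treats `file://` blob parameters as base64, and it derives the idempotency token from the CSR so a retried call within a short period does not issue a second certificate.

```shell
#!/bin/sh
# Added example (not from the original answer).
# Usage: sign_csr CA_ARN CSR_FILE OUT_PREFIX [DAYS]
# Writes OUT_PREFIX.pem and OUT_PREFIX.chain.pem, prints the certificate ARN.
sign_csr() {
    ca_arn=$1 csr=$2 out=$3 days=${4:-365}

    # Refuse anything that is not a PEM certificate request before calling the CA.
    if ! grep -q -e '-----BEGIN CERTIFICATE REQUEST-----' "$csr" 2>/dev/null; then
        echo "sign_csr: $csr is not a PEM CSR" >&2
        return 2
    fi
    # Validity must be a plain day count; it must also end before the CA's own expiry.
    case $days in
        ''|*[!0-9]*) echo "sign_csr: DAYS must be a positive integer" >&2; return 2 ;;
    esac

    # Same CSR -> same token, so a retry is recognised as the same request.
    # (CRC from cksum is enough to tell requests apart here; it is not a security check.)
    token="csr-$(cksum < "$csr" | cut -d' ' -f1)"

    # SIGNING_ALG must be in the same family (RSA or ECDSA) as the CA's key.
    cert_arn=$(aws acm-pca issue-certificate \
        --certificate-authority-arn "$ca_arn" \
        --csr "fileb://$csr" \
        --signing-algorithm "${SIGNING_ALG:-SHA384WITHECDSA}" \
        --template-arn arn:aws:acm-pca:::template/EndEntityCertificate/V1 \
        --validity "Value=$days,Type=DAYS" \
        --idempotency-token "$token" \
        --query CertificateArn --output text) || return 1

    # Issuance is asynchronous: block until the certificate can be retrieved.
    aws acm-pca wait certificate-issued \
        --certificate-authority-arn "$ca_arn" --certificate-arn "$cert_arn" || return 1

    # Fetch the end-entity certificate and the CA chain to install on the device.
    aws acm-pca get-certificate --certificate-authority-arn "$ca_arn" \
        --certificate-arn "$cert_arn" \
        --query Certificate --output text > "$out.pem" || return 1
    aws acm-pca get-certificate --certificate-authority-arn "$ca_arn" \
        --certificate-arn "$cert_arn" \
        --query CertificateChain --output text > "$out.chain.pem" || return 1

    echo "$cert_arn"
}
```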
