Can I use a customer managed AWS KMS key to encrypt the private key of an ACM certificate?


I want to encrypt the private key of an AWS Certificate Manager (ACM) issued public certificate. I want to use a customer managed AWS Key Management Service (AWS KMS) key instead of the default AWS managed KMS key.

Resolution

ACM uses an AWS managed KMS key to encrypt the private keys of certificates. You can't replace the encryption key with a customer managed AWS KMS key.

To use the private key to install a certificate on a service that isn't integrated with ACM, request the certificate from a third-party provider and use it directly with the non-integrated service. To use that certificate with an ACM-integrated service, import the certificate from the third-party provider into ACM.
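The import step described above, as an added example that is not AWS's own code: it checks that the private key is unencrypted PEM (ACM does not import passphrase-protected keys) and that it matches the certificate, then calls `aws acm import-certificate`. The function names and file paths are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-import checks for a third-party certificate, then import into ACM.
# Function names and file paths are illustrative assumptions, not values from the page.

# Returns 0 if the key is unencrypted and matches the certificate,
# 1 on mismatch, 2 if the key is passphrase-protected, 3 if a file cannot be parsed.
check_cert_key_pair() {
  cert="$1"
  key="$2"

  # Encrypted PEM keys carry one of these markers (PKCS#8 or legacy format).
  if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$key"; then
    echo "private key is passphrase-protected; decrypt it before import" >&2
    return 2
  fi

  # Extract the public key from each file in the same PEM form and compare.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3

  if [ "$cert_pub" != "$key_pub" ]; then
    echo "private key does not match the certificate" >&2
    return 1
  fi
  return 0
}

# Imports the certificate, key and chain into ACM only if the checks pass.
# Requires AWS CLI credentials with permission to call acm:ImportCertificate.
import_to_acm() {
  cert="$1"
  key="$2"
  chain="$3"

  check_cert_key_pair "$cert" "$key" || return $?

  aws acm import-certificate \
    --certificate "fileb://$cert" \
    --private-key "fileb://$key" \
    --certificate-chain "fileb://$chain"
}

# Usage (placeholder file names):
#   import_to_acm Certificate.pem PrivateKey.pem CertificateChain.pem
```

After import, ACM stores the key under its own AWS managed KMS key as described above, so keep the original key file protected or delete it according to your key-handling policy.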

Related information

Exporting a private certificate

AWS OFFICIAL Updated 4 months ago