Can you automate cross-account private CA certificate renewal through AWS RAM and ACM Private CA?

0

We're planning to use AWS RAM and ACM Private CA for central private certificate authority (CA) management across multiple AWS accounts. If we were to use AWS RAM in one account (account A) to share a private CA with a second account (account B), and then account B uses the private CA from account A in ELB and CloudFront, would the private CA in account B also be renewed automatically when the private CA in account A is renewed? Or would we need to do that manually?

AWS
전문가
질문됨 3년 전808회 조회
1개 답변
0
수락된 답변

CA certificates aren't automatically renewed through ACM Private CA, so you'll have to manually reimport a certificate in account A's private CA. The private CA in account A will automatically come back to its previous state (ACTIVE) and be shared with account B without changing the ARN or ID of the private CA. If your services are exposing the whole certificate chain, then those will have to be updated to match the new shared private CA certificate. For more information, see Updating your private CA in the ACM Private CA user guide.

Note: AWS Certificate Manager (ACM) provides managed renewal for Amazon-issued SSL/TLS certificates. This means that ACM will either renew your certificates automatically (if you're using DNS validation), or it will send you email notices when your certificate expirations are approaching.

AWS
답변함 3년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인