
Signing a CSR using Private CA

0

I want to use ACM Private CA to sign CSRs. In one workflow, I want to generate certificates from the CA to install on devices. In an alternate workflow, I want to generate a CSR on the device, sign it with the CA, and install the certificate back on the device.

I see references to "signing a CSR" in other posts, but I can't figure out how to do it.

1 Answer
0
Accepted Answer

Here is a quick link to the document. The command that you are looking for is "issue-certificate" https://docs.aws.amazon.com/cli/latest/reference/acm-pca/issue-certificate.html

issue-certificate
--certificate-authority-arn <value>
--csr <value>
--signing-algorithm <value>
[--template-arn <value>]
--validity <value>
[--idempotency-token <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]

The example of the command is:

aws acm-pca issue-certificate --certificate-authority-arn "arn:aws:acm-pca:us-east-..." --csr file://csr_in_pem_format.csr --signing-algorithm SHA384WITHECDSA --template-arn arn:aws:acm-pca:::template/EndEntityCertificate/V1 --validity Value=9,Type="YEARS" --idempotency-token 1234

The token is used to ensure that multiple identical calls within a short time period are ignored. Note: Validity needs to be of a shorter value than the signing CA.

answered 2 years ago
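
The device-generated CSR workflow from the question, end to end, as an added example that is not part of the original answer or AWS's own code. The file names, the common name and the `CA_ARN` placeholder are assumptions; the signing algorithm and template are the ones used in the answer, so the CA is assumed to have an EC key.

```shell
#!/bin/sh
# Added example. Constructed values: file names, CN, and the CA_ARN placeholder.

# Device side: create an EC P-256 key and a CSR. Only the CSR leaves the device.
make_csr() {   # $1 = working directory, $2 = common name
  ( umask 077 && openssl ecparam -name prime256v1 -genkey -noout -out "$1/device.key" ) &&
    openssl req -new -key "$1/device.key" -subj "/CN=$2" -out "$1/device.csr"
}

# Signing side: accept the CSR only if its self-signature verifies, which shows
# the requester holds the private key. Matches the "verify OK" line openssl prints.
check_csr() {  # $1 = CSR file
  openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Signing side: submit the CSR to the private CA and print the issued PEM.
# $3 must end before the CA certificate expires (see the note in the answer).
issue_from_csr() {  # $1 = CA ARN, $2 = CSR file, $3 = validity in days
  check_csr "$2" || { echo "CSR failed verification: $2" >&2; return 1; }
  # fileb:// sends the PEM bytes as-is (AWS CLI v2 otherwise treats blob input as base64).
  cert_arn=$(aws acm-pca issue-certificate \
      --certificate-authority-arn "$1" \
      --csr "fileb://$2" \
      --signing-algorithm SHA384WITHECDSA \
      --template-arn arn:aws:acm-pca:::template/EndEntityCertificate/V1 \
      --validity "Value=$3,Type=DAYS" \
      --query CertificateArn --output text) || return 1
  # Issuance is asynchronous; wait until the certificate can be fetched.
  aws acm-pca wait certificate-issued \
      --certificate-authority-arn "$1" --certificate-arn "$cert_arn" || return 1
  aws acm-pca get-certificate \
      --certificate-authority-arn "$1" --certificate-arn "$cert_arn" \
      --query Certificate --output text
}

# Device side: install the certificate only if it carries this device's public key.
cert_matches_key() {  # $1 = certificate file, $2 = private key file
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# Usage (needs AWS credentials; CA_ARN is a placeholder for your CA's ARN):
#   make_csr . device-0001
#   issue_from_csr "$CA_ARN" device.csr 365 > device.crt
#   cert_matches_key device.crt device.key && echo "install device.crt"
```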
