Signing a CSR using Private CA
0
I wants to use ACM Private CA to sign CSR's. In one workflow, I want to generate certificates from the CA to install on devices. In an alternate workflow, I want to generate a CSR on the device, sign it with the CA, and install the certificate back on the device.
I see references to "signing a CSR" in other posts, but I can't figure out how to do it.
asked 4 years ago2070 views
1 Answer
- Newest
- Most votes
- Most comments
0
Here is a quick link to the document. The command that you are looking for is "issue-certificate" https://docs.aws.amazon.com/cli/latest/reference/acm-pca/issue-certificate.html
issue-certificate
--certificate-authority-arn <value>
--csr <value>
--signing-algorithm <value>
[--template-arn <value>]
--validity <value>
[--idempotency-token <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]
The example of the command is:
aws acm-pca issue-certificate --certificate-authority-arn “arn:aws:acm-pca:us-east-...” --csr file://csr_in_pem_format.csr --signing-algorithm SHA384WITHECDSA --template-arn arn:aws:acm-pca:::template/EndEntityCertificate/V1 --validity Value=9,Type="YEARS" --idempotency-token 1234
The token is used to ensure that multiple identical calls within short time period are ignored. Note : Validity needs to of a shorter value than the signing CA
answered 4 years ago
Relevant content
AWS OFFICIALUpdated 2 months ago- AWS OFFICIALUpdated 4 months ago
- Can I use ACM to issue private certificates when the AWS Private CA validity is less than 13 months?AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 2 years ago
