Signing a CSR using Private CA

0

I want to use ACM Private CA to sign CSRs. In one workflow, I want to generate certificates from the CA to install on devices. In an alternate workflow, I want to generate a CSR on the device, sign it with the CA, and install the certificate back on the device.

I see references to "signing a CSR" in other posts, but I can't figure out how to do it.

AWS
Asked 4 years ago, 2115 views
1 Answer
0
Accepted Answer

Here is a quick link to the document. The command that you are looking for is "issue-certificate" https://docs.aws.amazon.com/cli/latest/reference/acm-pca/issue-certificate.html

issue-certificate
--certificate-authority-arn <value>
--csr <value>
--signing-algorithm <value>
[--template-arn <value>]
--validity <value>
[--idempotency-token <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]

The example of the command is:

aws acm-pca issue-certificate --certificate-authority-arn "arn:aws:acm-pca:us-east-..." --csr file://csr_in_pem_format.csr --signing-algorithm SHA384WITHECDSA --template-arn arn:aws:acm-pca:::template/EndEntityCertificate/V1 --validity Value=9,Type="YEARS" --idempotency-token 1234

The token is used to ensure that multiple identical calls within a short time period are ignored. Note: Validity needs to be of a shorter value than the signing CA.

AWS
Arthur
Answered 4 years ago
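
The device-side workflow from the question, built around the issue-certificate command in the answer above, as an added example that is not part of the original post. The CA ARN, file names, subject, the 365-day validity and the idempotency token derived from the CSR hash are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Placeholders (assumptions): CA ARN, file names, subject,
# the 365-day validity and the CSR-derived idempotency token.
set -eu

# Step 1, on the device: create the key pair and the CSR.
# Only the CSR leaves the device; the private key stays there, mode 0600.
make_csr() {  # usage: make_csr <key-out> <csr-out> <common-name>
    ( umask 077; openssl ecparam -name prime256v1 -genkey -noout -out "$1" )
    openssl req -new -key "$1" -out "$2" -subj "/CN=$3"
}

# Same CSR -> same token, so a retried call within the idempotency window
# is ignored instead of issuing a second certificate.
csr_token() {  # usage: csr_token <csr-file>
    sha256sum "$1" | cut -c1-32
}

# Step 2: have the private CA sign the CSR, wait for issuance, fetch the PEM.
sign_csr() {  # usage: sign_csr <ca-arn> <csr-file> <cert-out>; prints the cert ARN
    ca_arn=$1; csr=$2; out=$3
    # fileb:// hands the PEM bytes to the CLI unchanged.
    # SIGNING_ALG must be in the same family (RSA or ECDSA) as the CA's own key.
    cert_arn=$(aws acm-pca issue-certificate \
        --certificate-authority-arn "$ca_arn" \
        --csr "fileb://$csr" \
        --signing-algorithm "${SIGNING_ALG:-SHA384WITHECDSA}" \
        --template-arn arn:aws:acm-pca:::template/EndEntityCertificate/V1 \
        --validity "${VALIDITY:-Value=365,Type=DAYS}" \
        --idempotency-token "$(csr_token "$csr")" \
        --query CertificateArn --output text)
    # Issuance is asynchronous: block until the certificate exists.
    aws acm-pca wait certificate-issued \
        --certificate-authority-arn "$ca_arn" --certificate-arn "$cert_arn"
    aws acm-pca get-certificate \
        --certificate-authority-arn "$ca_arn" --certificate-arn "$cert_arn" \
        --query Certificate --output text > "$out"
    printf '%s\n' "$cert_arn"
}

# Usage (step 3 is copying device.pem back onto the device):
#   make_csr device.key device.csr device-0001
#   sign_csr "arn:aws:acm-pca:<region>:<account>:certificate-authority/<id>" \
#       device.csr device.pem
```

The get-certificate response also carries a CertificateChain field; query it the same way if the device needs the CA chain installed alongside its own certificate.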
