【AWS CLI Samples】Certificate Manager

Certificate Manager

Commands are verified primarily in AWS Cloud9.
If you would like to contribute command examples, please submit them through the contact form.
You may also use the form to request corrections to the listed command examples.


Import a self-signed certificate into ACM

aws acm import-certificate \
--certificate fileb://cert.pem \
--private-key fileb://privatekey.key \
--certificate-chain fileb://chain.pem

output

{
    "CertificateArn": "arn:aws:acm:us-east-2:444455556666:certificate/cffb8a69-0817-4e04-bfb1-dac7426d6b92"
}

by anonymous

Request a certificate from a private CA

ca_arn="arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566"

aws acm request-certificate \
--domain-name www.example.com \
--certificate-authority-arn "$ca_arn"

output

{
    "CertificateArn": "arn:aws:acm:us-east-2:444455556666:certificate/cffb8a69-0817-4e04-bfb1-dac7426d6b91"
}

by anonymous

Request a public certificate

aws acm request-certificate \
--domain-name www.example.com \
--validation-method DNS

output

{
    "CertificateArn": "arn:aws:acm:us-east-2:444455556666:certificate/cffb8a69-0817-4e04-bfb1-dac7426d6b90"
}

by anonymous

List certificates

aws acm list-certificates \
--query 'CertificateSummaryList[*].[CertificateArn, DomainName] | map(&[], @)' \
--output text

output

arn:aws:acm:us-east-2:444455556666:certificate/cffb8a69-0817-4e04-bfb1-dac7426d6b90        www.example.com
arn:aws:acm:us-east-2:444455556666:certificate/cffb8a69-0817-4e04-bfb1-dac7426d6b91        www.example.com
arn:aws:acm:us-east-2:444455556666:certificate/cffb8a69-0817-4e04-bfb1-dac7426d6b92        www.example.com

by anonymous

View certificate details

aws acm describe-certificate \
--certificate-arn arn:aws:acm:us-east-2:444455556666:certificate/cffb8a69-0817-4e04-bfb1-dac7426d6b90

output

{
    "Certificate": {
        "CertificateArn": "arn:aws:acm:us-east-2:444455556666:certificate/cffb8a69-0817-4e04-bfb1-dac7426d6b90",
        "DomainName": "www.example.com",
        "SubjectAlternativeNames": [
            "www.example.com"
        ],
        "DomainValidationOptions": [
            {
                "DomainName": "www.example.com",
                "ValidationDomain": "www.example.com",
                "ValidationStatus": "FAILED",
                "ValidationMethod": "DNS"
            }
        ],
        "Subject": "CN=www.example.com",
        "Issuer": "Amazon",
        "CreatedAt": "2024-05-04T10:13:13.867000+00:00",
        "Status": "FAILED",
        "KeyAlgorithm": "RSA-2048",
        "SignatureAlgorithm": "SHA256WITHRSA",
        "InUseBy": [],
        "FailureReason": "ADDITIONAL_VERIFICATION_REQUIRED",
        "Type": "AMAZON_ISSUED",
        "KeyUsages": [],
        "ExtendedKeyUsages": [],
        "RenewalEligibility": "INELIGIBLE",
        "Options": {
            "CertificateTransparencyLoggingPreference": "ENABLED"
        }
    }
}

by anonymous

Delete a certificate

aws acm delete-certificate \
--certificate-arn arn:aws:acm:us-east-2:444455556666:certificate/cffb8a69-0817-4e04-bfb1-dac7426d6b90

output

None

by anonymous
