
I have to renew an SSL certificate that has been imported into AWS Certificate Manager. I need to be able to create a CSR for this certificate to send to the CA to create the new cert. This particular CA must create the cert, so I cannot use the ACM Request feature. The cert is in use for CloudFront, which has no server that I can terminal into to create the CSR.

How can a CSR be created for this cert? Should it be created locally using OpenSSL, and what steps would be required to do so? I do not have access to the private key that was used when creating this certificate.

  • See [How do you sign Certificate Signing Request with your Certification Authority](http://stackoverflow.com/a/21340898/608639) and [How to create a self-signed certificate with openssl?](http://stackoverflow.com/q/10175812/608639) Both show how to twiddle the `openssl.cnf` file. – jww Nov 15 '17 at 19:08
  • Instead of renewing the certificate with a third-party CA, you can create a new one with AWS CM and replace the old one. Are there any problems/limitations with this approach? – ExploringApple Nov 15 '17 at 20:42
  • Thanks for the responses! I was able to successfully create a CSR locally on my Mac using OpenSSL. After receiving the certificate, it was very easy to upload the new public key, private key, and certificate chain. The main confusion I was dealing with is that all the instructions I have read about creating a CSR instruct that it has to be done on the server. This is misleading, because it can be created locally, but extra care must be taken to store the private key securely. @ExploringApple, in this case, the website owner had a policy to only use their internal CA. – Paul Nov 17 '17 at 23:51
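The local workflow described in the last comment, as an added example that is not part of the original thread: because the old private key is unavailable, it generates a new key with owner-only permissions, builds the CSR from a small request config, and checks that the key, the CSR and (later) the issued certificate all carry the same public key before anything is imported. The hostnames, file names and the 2048-bit RSA choice are assumptions.

```bash
#!/usr/bin/env bash
# Added example: new key + CSR created off-server, with pre-import checks.
# Hostnames and file names are constructed placeholders.
set -eu

# make_csr DIR CN [SAN...]: writes DIR/new.key (owner-only) and DIR/new.csr
make_csr() {
  dir=$1; cn=$2; shift 2
  san="DNS:$cn"
  for name in "$@"; do san="$san,DNS:$name"; done
  # umask in a subshell so the key is never created group/world-readable
  ( umask 077
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$dir/new.key" )
  cat > "$dir/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = $cn
[ext]
subjectAltName = $san
EOF
  openssl req -new -key "$dir/new.key" -config "$dir/req.cnf" \
    -out "$dir/new.csr"
}

# pubkey_fp key|csr|cert FILE: SHA-256 of the DER-encoded public key
pubkey_fp() {
  case $1 in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
  esac | openssl pkey -pubin -outform DER | openssl dgst -sha256
}

# same_key KIND FILE KIND FILE: succeeds only if both hold the same public key
same_key() { [ "$(pubkey_fp "$1" "$2")" = "$(pubkey_fp "$3" "$4")" ]; }

# Demo in a throwaway directory
work=$(mktemp -d)
make_csr "$work" www.example.com example.com
openssl req -in "$work/new.csr" -noout -verify   # CSR self-signature check
same_key key "$work/new.key" csr "$work/new.csr" \
  || { echo "CSR does not match new.key" >&2; exit 1; }
# When the CA returns the certificate, run the same check before importing:
#   same_key key new.key cert issued.pem
```

Only `new.csr` goes to the CA; `new.key` stays on the machine that generated it until it is imported together with the issued certificate and chain.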
