19

I have a public SSL certificate in Amazon Certificate Manager. I want to upload this certificate to an instance that is not hosted in amazon. How can i download the certificate from Amazon Certificate Manager. I need to download both certificate and private key

Nipu
  • 653
  • 1
  • 8
  • 15

1 Answers1

35

You cannot download the private key for an SSL certificate from ACM - ACM certificates are only for use on AWS ALBs, CloudFront, API gateway and other AWS infrastructure. ACM keep hold of the private key and will use it whereever the certificate is used.

You can download the certificate using awscli with aws acm get-certificate --certificate-arn arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012. This will get you Public certificate.

https://docs.aws.amazon.com/cli/latest/reference/acm/get-certificate.html

mikemaccana
  • 110,530
  • 99
  • 389
  • 494
Asdfg
  • 11,362
  • 24
  • 98
  • 175
  • Thank you for information. Do you know how can i setup downloaded public certificate in another server (no in aws) ? according to my knowledge, without the private key i cannot use the downloaded certificate in another server – Nipu Aug 19 '19 at 18:57
  • 15
    @Nipu You can only use ACM SSL certificates with AWS Load Balancers, CloudFront and API Gateway. it is not possible obtain the certificate from ACM and install it directly on a server. – Mark B Aug 19 '19 at 19:06
  • Whether we could use this certificate for rabbitMQ ? – Visakh V A Jun 23 '22 at 08:26
  • @MarkB Note that this is old info. You can now use export-certificate to get the private key as well. – Ariel Jul 10 '23 at 22:49
  • @Ariel That's only for private certificates created by ACM for internal use. This question is about public certificates. – Mark B Jul 11 '23 at 00:08
  • @MarkB Ah, I did not understand that nuance, thank you for the clarification. Suggestion: maybe update your answer to mention export-certificate and the nuance of using it? – Ariel Jul 11 '23 at 04:06