2

AWS ACM provides an API to export the public certificate via CLI.

https://docs.aws.amazon.com/cli/latest/reference/acm/export-certificate.html

Stack Overflow question

When certificates are renewed, the exported ones will not remain valid, and there's no API to export the public key.

Is there a way to extract, or otherwise retrieve the public key from an ACM public certificate?

greenhorn

1 Answer

1

> AWS ACM provides an API to export the public certificate via CLI.

Sadly this is not the case. The link is for AWS ACM Private CA, which is related to AWS ACM, but it's not the same:

> Exports a private certificate issued by a private certificate authority (CA) for use anywhere.

In short, AWS ACM certificates can't be exported, while those from AWS ACM Private CA can. However, SSL certs from AWS ACM Private CA are not public, can't be used on the internet and are not free.

If you need to have control of the private key of your SSL cert, you need to get it from a third party, not from ACM.

I assume that you want the private key, not the public one. You can get the public key from a browser when you connect to your website protected by an SSL cert from ACM.

Marcin
  • 1
    Thanks. The requirement is to get a public key for public key cryptographic purposes for AWS backend. I guess that won't work with default ACM certificates, especially with managed rotation. – greenhorn Oct 15 '20 at 01:30
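
The answer's suggestion (read the public key off the certificate the site presents), written out as an added shell example that is not part of the original answer or comment. It assumes the `openssl` CLI is installed; the function names, the host `www.example.com` and the self-signed sample certificates are constructed for illustration. It also computes a fingerprint of the key so that a renewed certificate can be checked for a changed key.

```shell
#!/bin/sh
# Added example, not from the original thread. Requires the openssl CLI.

# Read a PEM certificate on stdin, print its public key (PEM SubjectPublicKeyInfo).
cert_pubkey() {
    openssl x509 -noout -pubkey
}

# Read a PEM certificate on stdin, print base64(SHA-256(DER public key)).
# The value depends only on the key: it survives a renewal that reuses
# the key and changes when the key is replaced.
cert_key_pin() {
    cert_pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary | openssl base64
}

# Print the leaf certificate a TLS endpoint presents (needs network access).
# $1 = host name, $2 = port (default 443).
served_cert() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509
}

# Constructed sample input: self-signed certificate for an existing key.
# $1 = private key file, $2 = output certificate file.
make_sample_cert() {
    openssl req -x509 -new -key "$1" -subj "/CN=example.test" -days 1 -out "$2" 2>/dev/null
}

# Offline demonstration on constructed certificates: reports whether each
# reissued certificate still carries the key of the first one.
demo() {
    dir=$(mktemp -d)
    openssl genrsa -out "$dir/k1.pem" 2048 2>/dev/null
    openssl genrsa -out "$dir/k2.pem" 2048 2>/dev/null
    make_sample_cert "$dir/k1.pem" "$dir/first.pem"
    make_sample_cert "$dir/k1.pem" "$dir/renewed_same_key.pem"
    make_sample_cert "$dir/k2.pem" "$dir/renewed_new_key.pem"
    pin=$(cert_key_pin <"$dir/first.pem")
    for c in renewed_same_key renewed_new_key; do
        if [ "$(cert_key_pin <"$dir/$c.pem")" = "$pin" ]; then
            echo "$c: same"
        else
            echo "$c: rotated"
        fi
    done
    rm -rf "$dir"
}

demo
```

Against a live endpoint the same functions compose as `served_cert www.example.com | cert_pubkey`; a backend that stores the fingerprint from `cert_key_pin` can re-run it after each renewal and treat a changed value as a key change that needs redistribution.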