Download SSL certificate from AWS Certificate Manager


Solution 1

You cannot download an SSL certificate from ACM.

Solution 2

Note: While this can be used to fetch the (already public) certificate, it does not download the private key necessary to use that certificate outside Amazon's systems.

It is now possible to download the certificate with the following command:

aws acm list-certificates / aws acm get-certificate

Ref: http://docs.aws.amazon.com/cli/latest/reference/acm/get-certificate.html
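As an added example (not part of the original answer): this Python sketch takes output shaped like `aws acm get-certificate --output json`, splits it into leaf and chain certificates, and checks for private key material. The sample response is constructed with placeholder bodies, and the helper names `pem_blocks` and `summarize` are hypothetical.

```python
import json
import re

# Constructed sample in the shape of a GetCertificate response.
# The PEM bodies are placeholders, not real certificates.
SAMPLE_RESPONSE = json.dumps({
    "Certificate":
        "-----BEGIN CERTIFICATE-----\nLEAFPLACEHOLDER\n-----END CERTIFICATE-----",
    "CertificateChain":
        "-----BEGIN CERTIFICATE-----\nINTERMEDIATEPLACEHOLDER\n-----END CERTIFICATE-----\n"
        "-----BEGIN CERTIFICATE-----\nROOTPLACEHOLDER\n-----END CERTIFICATE-----",
})

# Matches any PEM block and captures its label (CERTIFICATE, PRIVATE KEY, ...).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.DOTALL
)


def pem_blocks(text):
    """Return [(label, full_pem_text), ...] for every PEM block in text."""
    return [(m.group(1), m.group(0)) for m in PEM_BLOCK.finditer(text or "")]


def summarize(response_json):
    """Split a GetCertificate response into leaf, chain and key material."""
    resp = json.loads(response_json)
    blocks = pem_blocks(resp.get("Certificate")) + pem_blocks(resp.get("CertificateChain"))
    certs = [pem for label, pem in blocks if label == "CERTIFICATE"]
    # Covers PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY, ENCRYPTED PRIVATE KEY.
    keys = [label for label, _ in blocks if label.endswith("PRIVATE KEY")]
    return {
        "leaf": certs[0] if certs else None,
        "chain": certs[1:],
        "private_key_labels": keys,
        # A TLS server needs the leaf certificate and its private key.
        "usable_for_tls_server": bool(certs) and bool(keys),
        # A client trust store needs only certificates.
        "usable_for_trust_store": bool(certs),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_RESPONSE)
    print(len(result["chain"]), result["private_key_labels"],
          result["usable_for_tls_server"], result["usable_for_trust_store"])
```
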

Solution 3

You cannot download from ACM. From the FAQ:

Q: Can I use certificates on Amazon EC2 instances or on my own servers?

A: No. At this time, certificates provided by ACM can only be used with specific AWS services

Solution 4

You can't, but you can get a free one from https://letsencrypt.org/certificates/.

Let's Encrypt also offers an API backed by open source code to automatically update.


Shailesh Sutar
Author by


Updated on September 18, 2022

Comments

  • Shailesh Sutar
    Shailesh Sutar over 1 year

    I am using AWS Certificate Manager for managing SSL. Recently I purchased a wildcard SSL certificate, *.example-private.com. Now I need that SSL certificate to deploy on an enterprise git instance on AWS.

    How can I download SSL from AWS?

    • ceejayoz
      ceejayoz over 7 years
      Side note: If you really purchased a certificate, it wasn't from Amazon. Theirs are free.
    • Shailesh Sutar
      Shailesh Sutar over 7 years
      @ceejayoz I mean I requested a wildcard SSL certificate in AWS Certificate Manager and I deployed it on an ELB that I have in my account.
    • Shailesh Sutar
      Shailesh Sutar over 7 years
      @ceejayoz Let's say I have a git instance with the URL git.example-private.com and I want to deploy SSL over it. What should I do in that case? And forget about the wildcard SSL, i.e. *.example-private.com
    • ceejayoz
      ceejayoz over 7 years
      Put an ELB or CloudFront in front of the instance. Otherwise, you'll need to get an SSL from someone else (Let's Encrypt is free and highly recommended). ACM certificates can't be downloaded for use outside of AWS's built-in integrations like ELBs and CF.
    • Shailesh Sutar
      Shailesh Sutar over 7 years
      @ceejayoz Thanks for the suggestion. It worked with a few tweaks according to my production environment.
  • geerlingguy
    geerlingguy almost 7 years
    Specifically, from the ACM FAQ: You can use ACM with the following AWS services: Elastic Load Balancing, Amazon CloudFront, Amazon API Gateway, AWS Elastic Beanstalk. I was hoping to use an ACM cert on an EC2 instance... but that's not possible at this time.
  • ceejayoz
    ceejayoz over 6 years
    Why are you re-answering an old question with the same answer that's been already provided to and accepted by the OP?
  • Shailesh Sutar
    Shailesh Sutar over 6 years
    Where does this document state that one can download the certificate? I didn't see any such option in that document. Could you please share the exact link?
  • Muhammad Shoaib Irtaza
    Muhammad Shoaib Irtaza over 6 years
    So you are right Shailesh, I mistakenly pasted the wrong URL... URL updated.
  • ceejayoz
    ceejayoz over 6 years
    This gets you the certificate, but you can get that with cURL or just by going to the website - it is 100% public information. It does not get the private key, which means this is useless for OP's purposes.
  • Shailesh Sutar
    Shailesh Sutar over 6 years
    @ceejayoz is right. When I want to download SSL that means I want to download its private key so that I can deploy the AWS ACM SSL to any server I want. I think that it's not possible to do it in any way.
  • FireDragon
    FireDragon about 6 years
    This answer provided more info and context so I'm upvoting it.
  • minnymauer
    minnymauer almost 4 years
  • ceejayoz
    ceejayoz almost 4 years
    @rangeme No, you can't. See my comment on that answer. (To clarify: You can get the cert, but so can anyone who visits your site. The cert is public. What OP needs is the private key, which you still can't download.)
  • minnymauer
    minnymauer almost 4 years
    @ceejayoz Ah yes, my apologies.
  • Dmitry Kankalovich
    Dmitry Kankalovich over 2 years
    This answer is incorrect no matter what OP meant. You absolutely can download a TLS (aka SSL) certificate from ACM, as well as the entire CA certificate chain. But indeed you cannot download its associated private key. People would be running into this question and see an absolutely incorrect accepted answer. It should be re-phrased like "You can download the SSL cert, but you cannot download its private key, therefore ACM certs cannot be used in third-party applications, like enterprise git in your case".
  • Dmitry Kankalovich
    Dmitry Kankalovich over 2 years
    Bear in mind that people might want to download TLS certs for purposes different from OP's, say, putting them in the local trust stores. That is a completely valid case of downloading certs which has nothing to do with the inability to download the private key.
  • Akhil
    Akhil over 2 years
    The command is: aws acm get-certificate --certificate-arn <arn-here> --output text