Importing self-signed certificates to AWS Certificate Manager (ACM) and IAM

DevSecOps
Feb 13, 2024


In this guide, we’ll delve into the importance of having secure certificates for our applications and load balancers, and I’ll provide a step-by-step tutorial on how to import these certificates into AWS Certificate Manager (ACM).

For the purpose of this tutorial, I’ll walk you through the process of importing a self-signed certificate and its private key, both of which we will generate using OpenSSL.

Step 1: Generating an RSA Certificate with OpenSSL on Windows WSL Ubuntu 22.04

Our first step involves creating an RSA certificate valid for 365 days. To do this, we’ll use the following OpenSSL command:

openssl req -newkey rsa:2048 -new -nodes -x509 -days 365 -keyout /tmp/key.pem -out /tmp/cert.pem

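This command generates a self-signed certificate and a new 2048-bit RSA private key, storing them as cert.pem and key.pem respectively in the /tmp directory. The -nodes option writes the private key unencrypted, so keep key.pem readable only by your own user and do not leave it in /tmp after the import.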

Step 2: Importing the Certificate into AWS Certificate Manager (ACM)

With the certificate (cert.pem) and private key (key.pem) now created, our next step is to import them into ACM. Here's how you can accomplish this with the AWS CLI:

aws acm import-certificate --certificate fileb:///tmp/cert.pem --private-key fileb:///tmp/key.pem --tags Key=Name,Value=CA-AWS

By following these steps, you’ll be able to import the certificate into ACM, where it can be used by your applications and load balancers. Because the certificate is self-signed, clients will not trust it unless they are explicitly configured to do so.

Step 3: Uploading the Certificate to IAM

To incorporate our previously generated certificate into IAM, we use the following AWS CLI command:

aws iam upload-server-certificate --server-certificate-name CA-AWS --certificate-body file:///tmp/cert.pem --private-key file:///tmp/key.pem

This command uploads the certificate (cert.pem) and the private key (key.pem) to IAM, assigning it the name CA-AWS for easy reference.

Upon successful execution of the above command, AWS CLI will confirm the import of the certificate into IAM, signifying that your certificate is now securely integrated within AWS’s services.
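A pre-import check for the files produced in Step 1, as an added example that is not part of the original post: it confirms that key.pem belongs to cert.pem, that the certificate is not about to expire, and that the key file is readable only by its owner before either import command is run. The function names and the 30-day threshold are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: checks on a cert/key pair before importing it into ACM or IAM.
# Function names are illustrative; they are not part of OpenSSL or the AWS CLI.

# True when the key's public half equals the public key inside the certificate.
key_matches_cert() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when subject and issuer names are equal (name check only, no signature check).
is_self_signed() {
  local subj iss
  subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject=//')
  iss=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer=//')
  [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# True when the certificate is still valid N days from now (default 30).
valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null 2>&1
}

# True when group and other have no permission bits on the key file.
key_is_private() {
  case "$(ls -ld "$1" 2>/dev/null)" in
    -???------*) return 0 ;;
    *) return 1 ;;
  esac
}

# Run every check; return non-zero if the pair should not be imported as-is.
preflight() {
  local cert="$1" key="$2" rc=0
  key_matches_cert "$cert" "$key" || { echo "FAIL: key does not match certificate" >&2; rc=1; }
  valid_for_days "$cert" 30       || { echo "FAIL: certificate expires within 30 days" >&2; rc=1; }
  key_is_private "$key"           || { echo "FAIL: key is accessible to group/other" >&2; rc=1; }
  is_self_signed "$cert"          || echo "NOTE: CA-issued; pass the chain with --certificate-chain" >&2
  return "$rc"
}

# Usage: ./preflight.sh /tmp/cert.pem /tmp/key.pem
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Run it against /tmp/cert.pem and /tmp/key.pem and proceed to the import only when it exits 0.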

That’s it!
