By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Can I export my ACM certificate bundle and private key to other AWS Regions or AWS accounts?

2 minute read
1

I requested a public AWS Certificate Manager (ACM) certificate. I want to know if I can export the certificate bundle and private key to another AWS Region or AWS account.

Short description

You can't export an ACM certificate from one AWS Region to another or from one AWS account to another. ACM uses the default AWS Key Management Service (AWS KMS) key to encrypt the private key of the certificate. The default AWS KMS key that encrypts the private key of the certificate is unique for each Region and account. You also can't export a public certificate or its private key.

For more information, see Security for certificate private keys.

Resolution

Create multiple ACM certificates with the same domain name across different Regions and accounts. Then, use these certificates with services that are integrated with ACM.

For more information, see Requesting a public certificate.

Note: You must request or import ACM certificates in the same Region as your load balancer. Amazon CloudFront distributions must request the certificate in the US East (N. Virginia) Region.

Related information

ACM certificate characteristics

How do I configure my CloudFront distribution to use an SSL/TLS certificate?

How can I associate an ACM SSL/TLS certificate with a Classic, Application, or Network Load Balancer?

Topics
Security, Identity, & Compliance
Tags
AWS Certificate Manager
Language
English
AWS OFFICIAL
AWS OFFICIALUpdated a year ago
No comments

Relevant content