By using AWS re:Post, you agree to the AWS re:Post Terms of Use

Can I use ACM to export a private key?

1 minute read
0

I want to know if I can use AWS Certificate Manager (ACM) to export a certificate's private key.

Short description

You can't export a public certificate's private key because ACM uses AWS Key Management Service (AWS KMS) to encrypt the private key. For more information, see Security for certificate private keys. However, you can export AWS Private Certificate Authority issued private certificates that have encrypted private keys. 

Resolution

If you use a service that isn't integrated with ACM, then you can request a certificate with an exportable key from a third-party provider. Then, import the third-party issued TLS/SSL certificate to ACM so that you can manage the certificate. You can then use the certificate with ACM integrated services.

To export a private certificate that AWS Private CA issued, see Exporting a private certificate.

Related information

ACM certificate characteristics

Why can't I import a third-party public SSL/TLS certificate into ACM?

How do I use the ACM console to request a private certificate when the AWS Private CA validity is less than 13 months?

AWS Certificate Manager FAQs

AWS OFFICIAL
AWS OFFICIALUpdated 5 months ago