AWS re:Post Knowledge Center Feedback Survey

Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.

How do I import a third-party issued TLS/SSL certificate to ACM?

2 minute read

I want to import a third-party issued TLS/SSL certificate into AWS Certificate Manager (ACM).

Resolution

Prerequisites:

Make sure that you provide the certificate, its private key, and the certificate chain to ACM.
Your certificate must also include the prerequisites to import ACM certificates.

To import in PEM-encoded format, you must have a PEM-encoded certificate, certificate chain, and private key. For more information, see Certificate and key format for importing.

(Optional) Use OpenSSL to convert the certificate bundle from PFX to PEM

If your certificate is in PKCS#12 (PFX) format, then convert the certificate bundle from PFX to PEM format. Then, import the PEM-encoded certificate to ACM.

Complete the following steps:

To copy the PFX or P12 file to the same location as your OpenSSL tool, or specify the location in the command line, run the following OpenSSL command:
```
openssl pkcs12 -in PKCS12file -out Cert_Chain_Key.txt
```
Note: Replace PKCS12file with your certificate file name.
Enter the required password and passphrase. The certificate, private key, and certificate chain are parsed and placed into the Cert_Chain_Key.txt file.
Note: The private key is encrypted in the Base64-encoded private key format.

Decrypt the private key

Complete the following steps:

To copy the private key from the Cert_Chain_Key.txt file into your OpenSSL directory, or specify the location in the command line, run the following OpenSSL command:
```
openssl rsa -in Encrypted.key -out UnEncrypted.key
```
Note: Replace Encrypted.key with your encrypted private key file name.
Enter the passphrase. The UnEncrypted.key is now the decrypted private key. To verify the decrypted private key works, use a text editor to open the UnEncrypted.key file and view the headers.

Related information

Why can't I import a third-party public SSL/TLS certificate into ACM?

Topics: Security, Identity, & Compliance
Tags: AWS Certificate Manager
Language: English

AWS OFFICIALUpdated 2 months ago

No comments

Relevant content

Can I reimport an AWS ACM certificate with a different certificate provider?
Accepted Answer
Alejandro Lozano
asked 2 years ago
Import cert to ACM: certificate field contains more than one certificate
jbaptiste
asked 6 years ago
Import a self-signed Root CA in ACM PCA
Accepted Answer
EXPERT
MassimilianoAWS
asked 6 years ago
Backend mTLS with ACM imported certificate
rePost-User-3135092
asked 2 years ago
CloudFront: Adding alternate CNAME with imported cert into ACM fails
Diego
asked a year ago
Why can't I import a third-party public SSL/TLS certificate into ACM?
AWS OFFICIALUpdated 2 years ago
How do I resolve the error "New certificate is missing Extended Key Usages" when I reimport my certificate to ACM?
AWS OFFICIALUpdated 2 years ago
How do I pin an application that runs on AWS to a certificate issued by ACM?
AWS OFFICIALUpdated a year ago
Why can't I find my imported ACM certificate for my load balancer or CloudFront distribution?
AWS OFFICIALUpdated 2 years ago
How do I manage Chrome’s clientAuth deprecation for AWS Certificate Manager (ACM) certificates?
EXPERT
N_Agarwal
published 3 months ago