AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

How to Generate a CSR for ACM

0

We use AWS Load-balancers for our website hosted on EC2 instances. We want to import SSL cert files to AWS Certificate Manager (ACM). The SSL cert provider asked for a CSR file to generate cert files. However, ACM does not have an option to generate a CSR. Could you please let us know how to generate a CSR for ACM?

Note:

  1. The question it is not How to Generate a CSR for a specific Amazon EC2 (AWS).
  2. If we need to generate a CSR on an EC2 instance, since we have multiple servers behind the Load-balancer, should we generate one CSR for each EC2?

Thanks!

주제
컴퓨팅보안, 신원 및 규정 준수
태그
아마존 EC2AWS 자격증 관리자
언어
English
Ray Gong
질문됨 6달 전370회 조회
2개 답변
0

As far as I know, you must generate the CSR in another tool like OpenSSL.

When you have multiple servers behind an AWS Load Balancer you do not need to generate a separate CSR for each EC2 instance. Instead, you should generate a single CSR, which can be done on any one of your servers or even on a local machine. Import the Certificate into AWS ACM: Once you receive the SSL certificate from your provider, import it into AWS Certificate Manager (ACM).

Jesus Castellanos
답변함 6달 전
0

=== RESPONSE TO FIRST QUESTION ===

A CSR (certificate signing request) is a file containing a public key and identification details (like a form), which is submitted to a Certificate Authority. The Certificate Authority will sign the CSR which will produce the certificate.

This means you can generate a CSR using any tool available to you. For OpenSSL command, you can use the below command to generate both a private key and a CSR file:

---> openssl req -new -newkey rsa:2048 -nodes -keyout PrivateKey.key -out <CSR_Name>.csr

In the case where you already have a private key, you can use the below command to generate only a CSR file:

---> openssl req -new -key privatekey.pem -out test.csr

Once the CSR is generated, you send the CSR to your Certificate Authority. They will sign it and return the actual certificate (SSL) to you.

From here, you have two options;

  1. You can either install the certificate yourself by installing it in the web server hosting your website or
  2. You can import it to AWS ACM where an AWS ACM issued certificate will be given to you for your custom website. This option is best especially if you have other resources in AWS like CloudFront or ELB because you can easily associate the certificate in ACM with these resources. To import a certificate to AWS ACM, here is a documentation that highlights the step-by-step process: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate-api-cli.html

=== RESPONSE TO SECOND QUESTION ===

As long as the information in the CSR is the same across all of your EC2 servers, you do not need to create a CSR for each EC2 servers. You just need 1.

AWS
Dwight
답변함 3일 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠