Client Certificate Management

Question

Our client would like us to take over Certificate Management for them now so they can be completely hands off in the management of the service we run for them.  Our current process for cert renewal is to send the client a new CSR, import the new cert into ACM and update the ALB to use this new cert.

I'd like to know what AWS infrastructure we'd need to configure / use to fully manage this for our client and request certificates for their actual domain of say xyz.com where they access the sites(s) we manage for them.

Ideally we'd like ACM to be able to auto renew the certs and therefore keep the ALB updated with the certs.  I know how to do this with our own domain hosted in Route53 but not with a third party domain.

Do we need to setup the client domain in Route53, update the name servers to the clients as a first step or is there a much simpler way and we don't need Route53 at all?  e.g. can I just request a cert in ACM and get the client to add the txt records and this will allow the auto renewal

Answer

I will say this will be the easiest and best one of the possible way:

> "Do we need to setup the client domain in Route53, update the name servers to the clients as a first step"

this is also possible:

> "can I just request a cert in ACM and get the client to add the txt records and this will allow the auto-renewal"

(Not sure about auto renewal) but I am using the same method. Didn't had a renewal yet

Client Certificate Management

Conteúdo relevante