By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Can I reimport an AWS ACM certificate with a different certificate provider?

0

I have an imported ACM certificate (coming from certproviderA) which is about to expire and it is associated to 15 resources in my AWS account. I need to change the certificate provider to certproviderB, I have already issued the new certificate with the same domain name and SAN. My question is if I can do a reimport on my original ACM certificate and paste the values from the new certificate (from certproviderB); I mean, will this work? Or will I have an error because the original certificate was coming from certproviderA? What I would like to avoid is having to import a certificate from scratch and associate all 15 resources to it. If I could just reimport the same cert, I would not have to worry about the resources association. Thanks in advance Cheers Alejandro

Topics
Security, Identity, & Compliance
Tags
AWS Certificate Manager
Language
English
Alejandro Lozano
asked 4 months ago233 views
2 Answers
2
Accepted Answer

Hi,

AWS Certificate Manager can support the re-import feature. The ARN of the certificate will not change and the newly imported certificate will be automatically deployed to the associated resources. However, during the reimport process we have some restrictions on old and new certificate:

  • You can add or remove domain names.
  • You cannot remove all of the domain names from a certificate.
  • If Key Usage extensions are present in the originally imported certificate, you can add new extension values, but you cannot remove existing values.
  • If Extended Key Usage extensions are present in the originally imported certificate, you can add new extension values, but you cannot remove existing values.
  • The key type and size cannot be changed.
  • You cannot apply resource tags when reimporting a certificate.

However, there is no restriction that your Issuer must be the same CA, so even if the CA is changed, you still can perform reimport as long as the above conditions are met.

https://docs.aws.amazon.com/acm/latest/userguide/import-reimport.html

profile picture
Cat on AWS
answered 4 months ago
profile picture
EXPERT
Oleksii Bebych
reviewed 2 months ago
profile picture
EXPERT
Gary Mclean
reviewed 4 months ago
0

Thank you, I will proceed then to reimport it later on. Cheers!

Alejandro Lozano
answered 4 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content