Client Certificate Management


Our client would like us to take over Certificate Management for them now so they can be completely hands off in the management of the service we run for them. Our current process for cert renewal is to send the client a new CSR, import the new cert into ACM and update the ALB to use this new cert.

I'd like to know what AWS infrastructure we'd need to configure / use to fully manage this for our client and request certificates for their actual domain of, say, xyz.com, where they access the site(s) we manage for them.

Ideally we'd like ACM to be able to auto renew the certs and therefore keep the ALB updated with the certs. I know how to do this with our own domain hosted in Route53 but not with a third party domain.

Do we need to set up the client domain in Route53, update the name servers to the clients as a first step, or is there a much simpler way and we don't need Route53 at all? E.g. can I just request a cert in ACM and get the client to add the txt records and this will allow the auto renewal?

1 Answer

I would say this is the easiest and best of the possible ways:

"Do we need to setup the client domain in Route53, update the name servers to the clients as a first step"

This is also possible:

"can I just request a cert in ACM and get the client to add the txt records and this will allow the auto-renewal"

(Not sure about auto renewal), but I am using the same method. Haven't had a renewal yet.

Yawar
answered 2 years ago
  • Thanks Yawar, I'll test with ACM first and then move on to setting up Route53 if required.
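
For the second option in the answer (request the certificate in ACM and have the client add the validation records in their own DNS), ACM's DNS validation issues CNAME records, and those records have to stay in place for managed renewal to keep working. The sketch below is an added example, not part of the original thread: it reads a constructed `describe-certificate` response (token values are placeholders) and returns the records to hand to the client plus anything that would stop hands-off renewal. The function names are hypothetical.

```python
# Added example: runs offline on a constructed response shaped like
# `aws acm describe-certificate` output. Token values are placeholders.
def _opt(domain, method="DNS", status="PENDING_VALIDATION"):
    opt = {"DomainName": domain, "ValidationMethod": method, "ValidationStatus": status}
    if method == "DNS":
        opt["ResourceRecord"] = {"Name": "_0123example.xyz.com.", "Type": "CNAME",
                                 "Value": "_4567example.acm-validations.aws."}
    return opt

SAMPLE = {"Certificate": {
    "DomainName": "xyz.com", "Type": "AMAZON_ISSUED", "InUseBy": [],
    "DomainValidationOptions": [_opt("xyz.com"), _opt("*.xyz.com"),
                                _opt("www.xyz.com", method="EMAIL")],
}}

def client_dns_records(resp):
    """Unique DNS records the domain owner must create and leave in place."""
    seen, records = set(), []
    for opt in resp["Certificate"].get("DomainValidationOptions", []):
        rr = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") != "DNS" or not rr:
            continue
        key = (rr["Name"].lower(), rr["Type"], rr["Value"].lower())
        if key not in seen:  # several names on one cert can share a record
            seen.add(key)
            records.append({"name": rr["Name"], "type": rr["Type"],
                            "value": rr["Value"]})
    return records

def renewal_blockers(resp):
    """Reasons this certificate would not renew without anyone acting."""
    cert, blockers = resp["Certificate"], []
    if cert.get("Type") != "AMAZON_ISSUED":
        blockers.append("imported certificate: ACM does not renew it")
    for opt in cert.get("DomainValidationOptions", []):
        name = opt["DomainName"]
        if opt.get("ValidationMethod") != "DNS":
            blockers.append(f"{name}: email validation needs the domain owner to act")
        elif opt.get("ValidationStatus") != "SUCCESS":
            blockers.append(f"{name}: validation CNAME not yet seen by ACM")
    if not cert.get("InUseBy"):
        blockers.append("certificate is not attached to any resource such as the ALB")
    return blockers

if __name__ == "__main__":
    for r in client_dns_records(SAMPLE):
        print(f"{r['name']} {r['type']} {r['value']}")
    for b in renewal_blockers(SAMPLE):
        print("BLOCKER:", b)
```

With real data, pass in the parsed JSON from `aws acm describe-certificate --certificate-arn <arn>`.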
