How to renew/extend AWS PCA Subordinate Validity


Currently we have an issue with AWS ACM Private CA. The automatic renewal of private certificates issued by a Subordinate PCA cannot be done, as the validity of the Subordinate PCA, having only 315 days left, is less than the requested 395 days, which AWS CertManager is using by default for renewing/extending issued certificates. The validity of the ROOT PCA, with 10 years left, is fine.

How can the validity of the Subordinate PCA be renewed/extended again so that AWS CertManager can automatically renew the existing Certificates?

Thanks

Regards, Kevin

Kevin
asked 9 months ago, 542 views
1 Answer

It is recommended to create a new Subordinate CA and issue the entity certificates from the new Subordinate CA to benefit from the additional security of renewing the keys.

In case you still want to extend the validity of the existing Subordinate CA you can do the following:

  1. Open the ACM PCA Console
  2. Select the current Subordinate CA
  3. In the Actions menu select Install CA certificate
  4. Enter the required information and complete the task via Confirm and install
AWS
EXPERT
answered 9 months ago
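
The console steps in the answer above, sketched with the AWS CLI as an added example (not part of the original answer or AWS's own code). It assumes the parent is the ACM PCA root from the question and that the `acm-pca` calls map onto the console flow. The ARNs, the validity in years, the `SHA256WITHRSA` signing algorithm and the `PathLen0` template are placeholders to adapt. The existing key pair is kept, so this does not give the key rotation the answer recommends.

```shell
# Added example: CLI sketch of the console "Install CA certificate" flow.
# ARNs, validity, signing algorithm and template are assumptions to adapt.
REQUIRED_DAYS=395   # validity requested for renewed certificates (from the question)

# days_left NOT_AFTER_EPOCH NOW_EPOCH -> whole days until the CA certificate expires
days_left() { echo $(( ($1 - $2) / 86400 )); }

# covers_renewal NOT_AFTER_EPOCH NOW_EPOCH -> exit 0 if the CA outlives a renewed certificate
covers_renewal() { [ "$(days_left "$1" "$2")" -ge "$REQUIRED_DAYS" ]; }

# reissue_subordinate ROOT_ARN SUB_ARN YEARS
# Signs the subordinate's existing CSR (same key pair) with the root PCA and installs the result.
reissue_subordinate() {
  local root_arn=$1 sub_arn=$2 years=$3 tmp cert_arn
  tmp=$(mktemp -d) || return 1

  aws acm-pca get-certificate-authority-csr \
    --certificate-authority-arn "$sub_arn" \
    --output text --query Csr > "$tmp/sub.csr" || return 1

  cert_arn=$(aws acm-pca issue-certificate \
    --certificate-authority-arn "$root_arn" \
    --csr "fileb://$tmp/sub.csr" \
    --signing-algorithm SHA256WITHRSA \
    --template-arn arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0/V1 \
    --validity "Value=$years,Type=YEARS" \
    --output text --query CertificateArn) || return 1

  aws acm-pca wait certificate-issued \
    --certificate-authority-arn "$root_arn" --certificate-arn "$cert_arn" || return 1

  aws acm-pca get-certificate --certificate-authority-arn "$root_arn" \
    --certificate-arn "$cert_arn" --output text --query Certificate > "$tmp/sub.pem" || return 1
  aws acm-pca get-certificate --certificate-authority-arn "$root_arn" \
    --certificate-arn "$cert_arn" --output text --query CertificateChain > "$tmp/chain.pem" || return 1

  aws acm-pca import-certificate-authority-certificate \
    --certificate-authority-arn "$sub_arn" \
    --certificate "fileb://$tmp/sub.pem" \
    --certificate-chain "fileb://$tmp/chain.pem"
}
```

`covers_renewal` takes the CA's `NotAfter` (as returned by `aws acm-pca describe-certificate-authority`) converted to epoch seconds, so the same check can run on a schedule and alert before renewals start failing.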
