I think the documentation needs to be updated here because it's 100% not possible to use the ACM console like it mentions here: https://docs.aws.amazon.com/acm/latest/userguide/export-private.html to export, or even issue a certificate by a PCA (Private CA) in short-lived certificate mode. This is because when you use the ACM console to request a certificate, the setting of the validity of the certificate is always 13 months. PCAs in short-lived mode can only issue certs up to 7 days which is why you get that error.
Also, the ACM console is for issuing end-entity certificates anyways. I think that in that documentation you posted, it wants you to retrieve the CA certificate of the PCA. This can be done by going to the AWS console -> Private CA -> Select your PrivateCA -> then, look for the CA Certificate Tab. The CA certificate should be there in PEM which you can copy. The reason why I think this is the right way is because the next step is:
- Publish the CA to Active Directory. Copy the CA private certificate to any <path><file> and run the following commands as a domain administrator.
FYI, the only way to issue end-entity certificates from a PCA in short-lived mode is to use the IssueCertificate API. That API is not supported in the console and must be made programmatically / CLI. https://docs.aws.amazon.com/privateca/latest/userguide/PcaIssueCert.html
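
The IssueCertificate flow described in the answer above, as an added example that is not part of the original post: it checks the CA's usage mode, refuses a validity longer than the 7-day limit before any request is sent, then issues and fetches the certificate. Assumptions: `client` is a boto3 `acm-pca` client, the CA has an RSA key, and the function names are hypothetical.

```python
SHORT_LIVED_MAX_DAYS = 7  # limit for short-lived mode, as stated in the answer above


def build_issue_request(ca_arn, csr_pem, days, usage_mode):
    """Return IssueCertificate parameters, refusing a validity the CA mode cannot sign."""
    if days < 1:
        raise ValueError("validity must be at least 1 day")
    if usage_mode == "SHORT_LIVED_CERTIFICATE" and days > SHORT_LIVED_MAX_DAYS:
        raise ValueError(
            f"{days} days exceeds the {SHORT_LIVED_MAX_DAYS}-day limit of a short-lived CA"
        )
    return {
        "CertificateAuthorityArn": ca_arn,
        "Csr": csr_pem,  # PEM-encoded CSR as bytes
        "SigningAlgorithm": "SHA256WITHRSA",  # assumption: the CA key is RSA
        "Validity": {"Value": days, "Type": "DAYS"},
    }


def issue_short_lived(client, ca_arn, csr_pem, days=SHORT_LIVED_MAX_DAYS):
    """Issue an end-entity certificate and return (certificate_pem, chain_pem).

    client is assumed to be boto3.client("acm-pca").
    """
    # Read the CA's mode so the validity check matches what the CA will accept.
    ca = client.describe_certificate_authority(CertificateAuthorityArn=ca_arn)
    mode = ca["CertificateAuthority"].get("UsageMode", "GENERAL_PURPOSE")

    request = build_issue_request(ca_arn, csr_pem, days, mode)
    cert_arn = client.issue_certificate(**request)["CertificateArn"]

    # Issuance is asynchronous: wait until the certificate exists before fetching it.
    client.get_waiter("certificate_issued").wait(
        CertificateAuthorityArn=ca_arn, CertificateArn=cert_arn
    )
    out = client.get_certificate(
        CertificateAuthorityArn=ca_arn, CertificateArn=cert_arn
    )
    return out["Certificate"], out.get("CertificateChain")
```

Keeping the validity check local means a request like the console's 13-month default fails before it reaches the CA, rather than as an API error afterwards.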