Recently I spent a few hours trying to figure out how to add a self-signed certificate to AWS ACM. I found a few tutorials on the internet, but none of them worked for me end-to-end. So I decided to write this post to help others who are facing the same problem.
In essence, this tutorial shows how to create a self-signed certificate with OpenSSL and then import it into AWS ACM using the AWS CLI v2.
Prerequisites
To follow this tutorial, you will need:
1. Create a private key
openssl genrsa -out private.key 2048
2. Generate the certificate using the private key
openssl req -new -x509 -nodes -sha1 -days 365 -extensions v3_ca -key private.key -out certificate.crt
You will be asked to enter some information. You can leave every field blank except the Common Name, which must be the domain name of your website. In this example I use tutorial-ssl.com.
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:BR
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:tutorial-ssl.com
Email Address []:
3. Import the certificate to AWS ACM
aws acm import-certificate --certificate fileb://certificate.crt --private-key fileb://private.key --region eu-west-1
It is important to use the fileb:// prefix when passing the certificate and private-key files to the AWS CLI. With file://, the CLI reads the file as text and expects this blob parameter to be base64-encoded, so the PEM content is rejected with the following error:
Invalid base64: "-----BEGIN CERTIFICATE-----......"
4. Verify the certificate
Log in to the AWS Console and check if your certificate is listed there.
(Screenshot: the certificate listed in the AWS Console.)
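Before running the import in step 3, the two files can be checked locally against the requirements ACM enforces (PEM encoding, an unencrypted key, a key that matches the certificate). This is an added example, not code from the original post; the function names make_self_signed and check_acm_import_inputs are chosen here, and it assumes a POSIX shell with openssl on the PATH.

```shell
#!/bin/sh
# Added example, not code from the original post: pre-flight checks for the
# files handed to `aws acm import-certificate`. ACM needs PEM-encoded input,
# an unencrypted private key, and a key that matches the certificate; getting
# any of these wrong only shows up as an import error after the upload.
set -eu

# Build a throwaway key/cert pair the way the post does, but non-interactively:
# -subj supplies the Distinguished Name instead of the prompts (constructed data,
# CN tutorial-ssl.com as in the post). SHA-256 is used rather than SHA-1.
make_self_signed() {
  key="$1"; crt="$2"; cn="$3"
  openssl genrsa -out "$key" 2048 2>/dev/null
  openssl req -new -x509 -nodes -sha256 -days 365 -key "$key" -out "$crt" \
    -subj "/C=BR/CN=$cn" 2>/dev/null
}

# Exit status 0 when the pair looks importable, 1 otherwise; every problem
# found is reported on stderr so all of them can be fixed in one pass.
check_acm_import_inputs() {
  key="$1"; crt="$2"; ok=0
  # fileb:// uploads the bytes verbatim, so both files must already be PEM text.
  grep -q -- '-----BEGIN CERTIFICATE-----' "$crt" || { echo "cert is not PEM" >&2; ok=1; }
  grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" || { echo "key is not PEM" >&2; ok=1; }
  # A passphrase-protected key (PKCS#8 or legacy Proc-Type header) is rejected by ACM.
  if grep -q 'ENCRYPTED' "$key"; then echo "key is passphrase-protected" >&2; ok=1; fi
  # The certificate must parse at all before the remaining checks mean anything.
  openssl x509 -in "$crt" -noout 2>/dev/null || { echo "cert does not parse" >&2; return 1; }
  # The public key embedded in the certificate must be the one derived from the private key.
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null | openssl sha256)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
  [ "$cert_pub" = "$key_pub" ] || { echo "private key does not match cert" >&2; ok=1; }
  # A SHA-1 signature (the post's -sha1) is refused by current browsers and TLS clients.
  if openssl x509 -in "$crt" -noout -text | grep -q 'sha1With'; then
    echo "cert is signed with SHA-1; regenerate with -sha256" >&2; ok=1
  fi
  return $ok
}

# Usage: ./check.sh private.key certificate.crt
if [ $# -eq 2 ]; then
  check_acm_import_inputs "$1" "$2" && echo "OK: ready for aws acm import-certificate"
fi
```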
Conclusion
This tutorial aimed to simplify the process by guiding you through the creation of a self-signed certificate using OpenSSL and importing it into AWS ACM using the AWS CLI.
Keep in mind that self-signed certificates are best suited for testing and development environments. For production environments, it’s advisable to use certificates issued by a trusted Certificate Authority (CA).
I hope this tutorial was helpful to you. See you in the next one! 👋