How to Add a Self-Signed SSL Certificate to AWS Certificate Manager ACM
AWS

How to Add a Self-Signed SSL Certificate to AWS Certificate Manager ACM

Thiago Alves
Thiago Alves

Recently I spent a few hours trying to figure out how to add a self-signed certificate to AWS ACM. I found a few tutorials on the internet, but none of them worked for me end-to-end. So I decided to write this post to help others who are facing the same problem.

In essence, this tutorial will show you how to create a self-signed certificate using OpenSSL and then will add it to AWS ACM using the AWS CLI v2.

Prerequisites

To follow this tutorial, you will need:

1. Create a private key

openssl genrsa -out private.key 2048

2. Generate the certificate using the private key

openssl req -new -x509 -nodes -sha1 -days 365 -extensions v3_ca -key private.key -out certificate.crt

You will be asked to enter some information. You can leave all fields blank, except for the Common Name. This field must be the domain name of your website. In this example, I will use tutorial-ssl.com.

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:BR
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:tutorial-ssl.com
Email Address []:

3. Import the certificate to AWS ACM

aws acm import-certificate --certificate fileb://certificate.crt --private-key fileb://private.key --region eu-west-1

It is important to use the fileb:// prefix when passing the certificate and private key files to the AWS CLI. Without this prefix, the command will fail with the following error:

Invalid base64: "-----BEGIN CERTIFICATE-----......"

4. Verify the certificate

Log in to the AWS Console and check if your certificate is listed there.

Certificate being listed in the AWS Console. Certificate being listed in the AWS Console.

References

Conclusion

This tutorial aimed to simplify the process by guiding you through the creation of a self-signed certificate using OpenSSL and importing it into AWS ACM using the AWS CLI.

Keep in mind that self-signed certificates are best suited for testing and development environments. For production environments, it’s advisable to use certificates issued by a trusted Certificate Authority (CA).

I hope this tutorial was helpful to you. See you in the next one! 👋

Ssl certificate icons created by Smashicons - Flaticon

You may also like

See all AWS
How to send push notifications from a Lambda function

How to send push notifications from a Lambda function

In this post, we will see how to send push notifications from a Lambda function using ntfy.

First impressions of Amazon CodeWhisperer from a GitHub Copilot user

First impressions of Amazon CodeWhisperer from a GitHub Copilot user

Amazon CodeWhisperer recently became...